Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
Z
zeromq3
Manage
Activity
Members
Labels
Code
Merge requests
0
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Operate
Environments
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
pkg
zeromq3
Commits
31a14bca
Commit
31a14bca
authored
5 years ago
by
Apertis CI
Browse files
Options
Downloads
Plain Diff
Merge updates from debian/buster
parents
0d87bb4c
0b3566d9
No related branches found
No related tags found
1 merge request
!3
Update from debian/buster for apertis/v2020pre
Pipeline
#159470
passed with stages
Stage: build-env
Stage: build
Stage: release
Stage: upload
Stage: OBS
in 51 seconds
Changes
3
Pipelines
9
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
debian/changelog
+8
-0
8 additions, 0 deletions
debian/changelog
debian/patches/CVE-2019-13132.patch
+110
-0
110 additions, 0 deletions
debian/patches/CVE-2019-13132.patch
debian/patches/series
+1
-0
1 addition, 0 deletions
debian/patches/series
with
119 additions
and
0 deletions
debian/changelog
+
8
−
0
View file @
31a14bca
zeromq3 (4.3.1-4+deb10u1) buster-security; urgency=high
[ Luca Boccassi <bluca@debian.org> ]
* Fix CVE-2019-13132: application metadata not parsed correctly when using
CURVE.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 06 Jul 2019 14:13:37 +0000
zeromq3 (4.3.1-4) unstable; urgency=medium
[ Luca Boccassi <bluca@debian.org> ]
...
...
This diff is collapsed.
Click to expand it.
debian/patches/CVE-2019-13132.patch
0 → 100644
+
110
−
0
View file @
31a14bca
From 29f1ea22396d1b41b218343d50d4c22857d1fb28 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Tue, 2 Jul 2019 01:24:19 +0100
Subject: [PATCH] Problem: application metadata not parsed correctly when using
CURVE
Solution: create buffers large enough to contain arbitrary metadata
---
src/curve_server.cpp | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/src/curve_server.cpp b/src/curve_server.cpp
index 69a1aa9f..ac1e3ae3 100644
--- a/src/curve_server.cpp
+++ b/src/curve_server.cpp
@@ -327,8 +327,12 @@
int zmq::curve_server_t::process_initiate (msg_t *msg_)
const size_t clen = (size - 113) + crypto_box_BOXZEROBYTES;
uint8_t initiate_nonce[crypto_box_NONCEBYTES];
- uint8_t initiate_plaintext[crypto_box_ZEROBYTES + 128 + 256];
- uint8_t initiate_box[crypto_box_BOXZEROBYTES + 144 + 256];
+ uint8_t *initiate_plaintext =
+ static_cast<uint8_t *> (malloc (crypto_box_ZEROBYTES + clen));
+ alloc_assert (initiate_plaintext);
+ uint8_t *initiate_box =
+ static_cast<uint8_t *> (malloc (crypto_box_BOXZEROBYTES + clen));
+ alloc_assert (initiate_box);
// Open Box [C + vouch + metadata](C'->S')
memset (initiate_box, 0, crypto_box_BOXZEROBYTES);
@@ -339,6 +343,8 @@
int zmq::curve_server_t::process_initiate (msg_t *msg_)
memcpy (initiate_nonce + 16, initiate + 105, 8);
cn_peer_nonce = get_uint64 (initiate + 105);
+ const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
+
rc = crypto_box_open (initiate_plaintext, initiate_box, clen,
initiate_nonce, _cn_client, _cn_secret);
if (rc != 0) {
@@ -346,11 +352,10 @@
int zmq::curve_server_t::process_initiate (msg_t *msg_)
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
errno = EPROTO;
- return -1;
+ rc = -1;
+ goto exit;
}
- const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
-
uint8_t vouch_nonce[crypto_box_NONCEBYTES];
uint8_t vouch_plaintext[crypto_box_ZEROBYTES + 64];
uint8_t vouch_box[crypto_box_BOXZEROBYTES + 80];
@@ -371,7 +376,8 @@
int zmq::curve_server_t::process_initiate (msg_t *msg_)
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
errno = EPROTO;
- return -1;
+ rc = -1;
+ goto exit;
}
// What we decrypted must be the client's short-term public key
@@ -383,7 +389,8 @@
int zmq::curve_server_t::process_initiate (msg_t *msg_)
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_KEY_EXCHANGE);
errno = EPROTO;
- return -1;
+ rc = -1;
+ goto exit;
}
// Precompute connection secret from client key
@@ -405,7 +412,7 @@
int zmq::curve_server_t::process_initiate (msg_t *msg_)
// is attempted)
rc = receive_and_process_zap_reply ();
if (rc == -1)
- return -1;
+ goto exit;
} else if (!options.zap_enforce_domain) {
// This supports the Stonehouse pattern (encryption without
// authentication) in legacy mode (domain set but no handler).
@@ -413,15 +420,21 @@
int zmq::curve_server_t::process_initiate (msg_t *msg_)
} else {
session->get_socket ()->event_handshake_failed_no_detail (
session->get_endpoint (), EFAULT);
- return -1;
+ rc = -1;
+ goto exit;
}
} else {
// This supports the Stonehouse pattern (encryption without authentication).
state = sending_ready;
}
- return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
- clen - crypto_box_ZEROBYTES - 128);
+ rc = parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
+ clen - crypto_box_ZEROBYTES - 128);
+
+exit:
+ free (initiate_plaintext);
+ free (initiate_box);
+ return rc;
}
int zmq::curve_server_t::produce_ready (msg_t *msg_)
--
2.20.1
This diff is collapsed.
Click to expand it.
debian/patches/series
+
1
−
0
View file @
31a14bca
...
...
@@ -4,3 +4,4 @@ test_hardcoded_ipc_path.patch
ppc64_atomic_intrinsics.patch
test_pair_ipc_hurd.patch
gssapi_pkgconfig.patch
CVE-2019-13132.patch
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment