Control: tags 867398 + patch
Control: tags 867398 + pending

Hi Andreas,

I've prepared an NMU for libtasn1-6 (versioned as 4.12-2.1) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer.

I still agree the fix is not urgent, but while looking for the fixing commit, I produced builds, so proposed the NMU. I can happily drop it if you feel it's not needed. OTOH if unstable is fixed, an update for a future point release for both jessie and stretch would be good.

Regards,
Salvatore

diff -Nru libtasn1-6-4.12/debian/changelog libtasn1-6-4.12/debian/changelog --- libtasn1-6-4.12/debian/changelog 2017-06-18 11:16:39.000000000 +0200 +++ libtasn1-6-4.12/debian/changelog 2017-07-25 07:04:58.000000000 +0200 @@ -1,3 +1,11 @@ +libtasn1-6 (4.12-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * _asn1_check_identifier: safer access to values read (CVE-2017-10790) + (Closes: #867398) + + -- Salvatore Bonaccorso <car...@debian.org> Tue, 25 Jul 2017 07:04:58 +0200 + libtasn1-6 (4.12-2) unstable; urgency=low * Upload to unstable. diff -Nru libtasn1-6-4.12/debian/patches/0001-_asn1_check_identifier-safer-access-to-values-read.patch libtasn1-6-4.12/debian/patches/0001-_asn1_check_identifier-safer-access-to-values-read.patch --- libtasn1-6-4.12/debian/patches/0001-_asn1_check_identifier-safer-access-to-values-read.patch 1970-01-01 01:00:00.000000000 +0100 +++ libtasn1-6-4.12/debian/patches/0001-_asn1_check_identifier-safer-access-to-values-read.patch 2017-07-25 07:04:58.000000000 +0200 
@@ -0,0 +1,57 @@ +From: Nikos Mavrogiannopoulos <n...@redhat.com> +Date: Thu, 22 Jun 2017 16:31:37 +0200 +Subject: _asn1_check_identifier: safer access to values read +Origin: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-10790 +Bug-Debian: https://bugs.debian.org/867398 + +Signed-off-by: Nikos Mavrogiannopoulos <n...@redhat.com> +--- + lib/parser_aux.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index 976ab38..786ea64 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) + if (p2 == NULL) + { + if (p->value) +- _asn1_strcpy (_asn1_identifierMissing, p->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + return ASN1_IDENTIFIER_NOT_FOUND; +@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) + if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) + { + _asn1_str_cpy (name2, sizeof (name2), node->name); +- _asn1_str_cat (name2, sizeof (name2), "."); +- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || + !(p2->type & CONST_ASSIGN)) +@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) + _asn1_str_cpy (name2, sizeof (name2), node->name); + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof 
(name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) + || !(p2->type & CONST_ASSIGN)) +-- +2.13.3 + diff -Nru libtasn1-6-4.12/debian/patches/series libtasn1-6-4.12/debian/patches/series --- libtasn1-6-4.12/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libtasn1-6-4.12/debian/patches/series 2017-07-25 07:04:58.000000000 +0200 @@ -0,0 +1 @@ +0001-_asn1_check_identifier-safer-access-to-values-read.patch
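
Review bot: in the "@@ -955,7 +955,7 @@" hunk of lib/parser_aux.c, the else branch right below the changed line still uses the unbounded _asn1_strcpy (_asn1_identifierMissing, "(null)"). The literal fits, so this is a style point rather than a bug, but using _asn1_str_cpy with sizeof(_asn1_identifierMissing) there as well would leave no unbounded copy into this buffer in the function and make it easier to audit. The same applies to the identical "(null)" copy that the next hunk introduces in its new else branch.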
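
Review bot: in the "@@ -968,9 +968,15 @@" hunk, when p2->value is NULL the new else branch only records "(null)" and execution still reaches p2 = asn1_find_node (node, name2) with name2 holding just node->name. The outcome then depends on what a lookup of the bare node name returns and on the type check that follows. Handling the NULL case explicitly in the else branch (for example by returning the not-found error there, as the first hunk does with ASN1_IDENTIFIER_NOT_FOUND), or at least a comment saying the fall-through is intended, would make this path easier to reason about.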
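
Review bot: in the "@@ -990,7 +996,8 @@" hunk, p2->value is passed to _asn1_str_cat and to the new _asn1_str_cpy without the "if (p2->value)" guard that the previous hunk adds around the same sequence of calls. The context shown here does not include the enclosing condition, so please confirm that it already rules out a NULL p2->value at this point, or add the same guard and "(null)" fallback here so the three sites are handled consistently.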