Hi Roland,

Thanks for the quick feedback, still not tested but now also attaching the debdiff for unstable.

On Tue, Jul 15, 2014 at 10:07:39AM +0200, Roland Stigge wrote:
> Looking good - thanks for your work.
>
> NMU welcome.

Ok, I can do the NMU (probably tonight).

Regards,
Salvatore
diff -Nru polarssl-1.3.7/debian/changelog polarssl-1.3.7/debian/changelog --- polarssl-1.3.7/debian/changelog 2014-05-05 21:36:55.000000000 +0200 +++ polarssl-1.3.7/debian/changelog 2014-07-15 13:23:00.000000000 +0200 @@ -1,3 +1,12 @@ +polarssl (1.3.7-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Add CVE-2014-4911.patch patch. + CVE-2014-4911: Fix Denial of Service against GCM enabled servers (and + clients). (Closes: #754655) + + -- Salvatore Bonaccorso <car...@debian.org> Tue, 15 Jul 2014 13:22:27 +0200 + polarssl (1.3.7-2) unstable; urgency=medium * Enabled POLARSSL_THREADING_C and POLARSSL_THREADING_PTHREAD in config, diff -Nru polarssl-1.3.7/debian/patches/CVE-2014-4911.patch polarssl-1.3.7/debian/patches/CVE-2014-4911.patch --- polarssl-1.3.7/debian/patches/CVE-2014-4911.patch 1970-01-01 01:00:00.000000000 +0100 +++ polarssl-1.3.7/debian/patches/CVE-2014-4911.patch 2014-07-15 13:23:00.000000000 +0200 
@@ -0,0 +1,34 @@ +Description: Fix CVE-2014-4911 + Denial of Service against GCM enabled servers (and clients) +Origin: upstream, https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c +Bug-Debian: https://bugs.debian.org/754655 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2014-07-15 +Applied-Upstream: 1.3.8 + +--- a/library/ssl_tls.c ++++ b/library/ssl_tls.c +@@ -1416,10 +1419,19 @@ static int ssl_decrypt_buf( ssl_context + size_t dec_msglen, olen, totlen; + unsigned char add_data[13]; + int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; ++ unsigned char taglen = 16; ++ unsigned char explicit_iv_len = ssl->transform_in->ivlen - ++ ssl->transform_in->fixed_ivlen; ++ ++ if( ssl->in_msglen < explicit_iv_len + taglen ) ++ { ++ SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " ++ "+ taglen (%d)", ssl->in_msglen, ++ explicit_iv_len, taglen ) ); ++ return( POLARSSL_ERR_SSL_INVALID_MAC ); ++ } ++ dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; + +- dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen - +- ssl->transform_in->fixed_ivlen ); +- dec_msglen -= 16; + dec_msg = ssl->in_msg; + dec_msg_result = ssl->in_msg; + ssl->in_msglen = dec_msglen; diff -Nru polarssl-1.3.7/debian/patches/series polarssl-1.3.7/debian/patches/series --- polarssl-1.3.7/debian/patches/series 2013-11-05 22:06:58.000000000 +0100 +++ polarssl-1.3.7/debian/patches/series 2014-07-15 13:23:00.000000000 +0200 @@ -1,2 +1,3 @@ 01-config.patch 02-makefile-destdir-fix.patch +CVE-2014-4911.patch
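Review bot: in the ssl_decrypt_buf hunk of CVE-2014-4911.patch, explicit_iv_len is declared unsigned char but initialised from ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen, so a difference above 255 would be truncated silently before the new length check uses it. Declaring explicit_iv_len and taglen as size_t, the type dec_msglen already has, keeps the comparison and the subtraction in a single unsigned type. The SSL_DEBUG_MSG call also formats ssl->in_msglen with %d; if that field is a size_t like dec_msglen, it needs a cast to int or a matching specifier. The placement of the check is right: it runs before dec_msglen = ssl->in_msglen - explicit_iv_len - taglen, the subtraction that the removed lines performed unguarded and that wraps for a record shorter than explicit IV plus tag. Since the message says the build is still untested, a record of exactly explicit_iv_len + taglen bytes (dec_msglen of 0) and one a byte shorter are the two inputs worth exercising before upload.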