rpms
/
libtommath
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-36328 (#2236877,#2236878)

Browse Source 
The original patch was modified so it can be applied on top of
libtommath-1.1.0.
epel8 imports/epel8/libtommath-1.1.0-4.el8
Frantisek Sumsal 1 year ago
parent 85e72f98d5
commit 60e9961683
2 changed files with 109 additions and 1 deletions
Show Stats Download Patch File Download Diff File

106
CVE-2023-36328.patch
Unescape View File

@ -0,0 +1,106 @@
From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
From: czurnieden <czurnieden@gmx.de>
Date: Tue, 9 May 2023 17:17:12 +0200
Subject: [PATCH] Fix possible integer overflow
[fsumsal] Slightly altered to make it work with libtommath-1.1.0
---
bn_mp_2expt.c | 4 ++++
bn_mp_grow.c | 4 ++++
bn_mp_init_size.c | 5 +++++
bn_mp_mul_2d.c | 4 ++++
bn_s_mp_mul_digs.c | 4 ++++
bn_s_mp_mul_high_digs.c | 4 ++++
8 files changed, 33 insertions(+)
diff --git a/bn_mp_2expt.c b/bn_mp_2expt.c
index 0ae3df1bf..23de0c3c5 100644
--- a/bn_mp_2expt.c
+++ b/bn_mp_2expt.c
@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
{
int res;
+ if (b < 0) {
+ return MP_VAL;
+ }
+
/* zero a as per default */
mp_zero(a);
diff --git a/bn_mp_grow.c b/bn_mp_grow.c
index 9e904c547..2b1682651 100644
--- a/bn_mp_grow.c
+++ b/bn_mp_grow.c
@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
int i;
mp_digit *tmp;
+ if (size < 0) {
+ return MP_VAL;
+ }
+
/* if the alloc size is smaller alloc more ram */
if (a->alloc < size) {
/* ensure there are always at least MP_PREC digits extra on top */
diff --git a/bn_mp_init_size.c b/bn_mp_init_size.c
index d62268721..99573833f 100644
--- a/bn_mp_init_size.c
+++ b/bn_mp_init_size.c
@@ -6,6 +6,10 @@
{
int x;
+ if (size < 0) {
+ return MP_VAL;
+ }
+
/* pad size so there are always extra digits */
size += (MP_PREC * 2) - (size % MP_PREC);
diff --git a/bn_mp_mul_2d.c b/bn_mp_mul_2d.c
index 87354de20..bfeaf2eb2 100644
--- a/bn_mp_mul_2d.c
+++ b/bn_mp_mul_2d.c
@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
mp_digit d;
int res;
+ if (b < 0) {
+ return MP_VAL;
+ }
+
/* copy */
if (a != c) {
if ((res = mp_copy(a, c)) != MP_OKAY) {
diff --git a/bn_s_mp_mul_digs.c b/bn_s_mp_mul_digs.c
index 64509d4cb..3682b4980 100644
--- a/bn_s_mp_mul_digs.c
+++ b/bn_s_mp_mul_digs.c
@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
mp_word r;
mp_digit tmpx, *tmpt, *tmpy;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
/* can we use the fast multiplier? */
if ((digs < (int)MP_WARRAY) &&
(MIN(a->used, b->used) <
diff --git a/bn_s_mp_mul_high_digs.c b/bn_s_mp_mul_high_digs.c
index 2bb2a5098..c9dd355f8 100644
--- a/bn_s_mp_mul_high_digs.c
+++ b/bn_s_mp_mul_high_digs.c
@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
mp_word r;
mp_digit tmpx, *tmpt, *tmpy;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
/* can we use the fast multiplier? */
#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C
if (((a->used + b->used + 1) < (int)MP_WARRAY)

4
libtommath.spec
Unescape View File

@ -7,6 +7,8 @@ URL: http://www.libtom.net/
Source0: https://github.com/libtom/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/libtom/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch: CVE-2023-36328.patch
BuildRequires: ghostscript BuildRequires: ghostscript
BuildRequires: libtiff-tools BuildRequires: libtiff-tools
BuildRequires: libtool BuildRequires: libtool
@ -44,7 +46,7 @@ Obsoletes: %{name}-doc < 0.42-1
The %{name}-doc package contains PDF documentation for using %{name}. The %{name}-doc package contains PDF documentation for using %{name}.
%prep %prep
%setup -q %autosetup -p1
# Fix permissions on installed library # Fix permissions on installed library
sed -i -e 's/644 $(LIBNAME)/755 $(LIBNAME)/g' makefile.shared sed -i -e 's/644 $(LIBNAME)/755 $(LIBNAME)/g' makefile.shared
# Fix pkgconfig path # Fix pkgconfig path

Write Preview
Loading…
Cancel
Save