pool/corosync
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 596062 from network:ha-clustering:Factory

Browse Source 
-  (CVE-2018-1084) VUL-0: CVE-2018-1084: corosync: Integer overflow in totemcrypto(bsc#1089346)
    Added: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch
    
- UNKNOWN version in corosync pkg-config(bsc#1088619)
    Added: 0017-bsc#1088619-add-version.patch

OBS-URL: https://build.opensuse.org/request/show/596062
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/corosync?expand=0&rev=56
This commit is contained in:
Dominique Leuenberger 2018-04-17 09:13:19 +00:00 committed by Git OBS Bridge
commit 1dc50c42fc
4 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
0017-bsc#1088619-add-version.patch Normal file
View File

@ -0,0 +1,4 @@
--- /dev/null 2018-04-10 08:30:37.121221591 +0800
+++ corosync-2.4.3/.tarball-version 2018-04-10 18:30:37.907779088 +0800
@@ -0,0 +1 @@
+2.4.3

26
0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch Normal file
View File

@ -0,0 +1,26 @@
--- corosync-2.4.3.orig/exec/totemcrypto.c 2017-10-20 20:40:19.000000000 +0800
+++ corosync-2.4.3/exec/totemcrypto.c 2018-04-13 13:01:02.864922963 +0800
@@ -736,6 +736,11 @@
unsigned char tmp_hash[hash_len[instance->crypto_hash_type]];
int datalen = *buf_len - hash_len[instance->crypto_hash_type];
+ if (*buf_len <= hash_len[instance->crypto_hash_type]) {
+ log_printf(instance->log_level_security, "Received message is too short... ignoring");
+ return -1;
+ }
+
if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) {
return -1;
}
@@ -845,6 +850,11 @@
{
struct crypto_config_header *cch = (struct crypto_config_header *)buf;
+ if (*buf_len <= sizeof(struct crypto_config_header)) {
+ log_printf(instance->log_level_security, "Received message is too short... ignoring");
+ return (-1);
+ }
+
if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) {
log_printf(instance->log_level_security,
"Incoming packet has different crypto type. Rejecting");

12
corosync.changes
View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Fri Apr 13 05:17:10 UTC 2018 - bliu@suse.com
- (CVE-2018-1084) VUL-0: CVE-2018-1084: corosync: Integer overflow in totemcrypto(bsc#1089346)
Added: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch
-------------------------------------------------------------------
Tue Apr 10 02:46:08 UTC 2018 - bliu@suse.com
- UNKNOWN version in corosync pkg-config(bsc#1088619)
Added: 0017-bsc#1088619-add-version.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 8 06:19:09 UTC 2018 - bliu@suse.com Thu Mar 8 06:19:09 UTC 2018 - bliu@suse.com

4
corosync.spec
View File

@ -78,6 +78,8 @@ Patch20: 0013-logging-Make-blackbox-configurable.patch
Patch21: 0014-logging-Close-before-and-open-blackbox-after-fork.patch Patch21: 0014-logging-Close-before-and-open-blackbox-after-fork.patch
Patch22: 0015-coverity-fixes.patch Patch22: 0015-coverity-fixes.patch
Patch23: 0016-bsc#1083561-upgrade-from-1-x-y.patch Patch23: 0016-bsc#1083561-upgrade-from-1-x-y.patch
Patch24: 0017-bsc#1088619-add-version.patch
Patch25: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
# openais is indeed gone and should be uninstalled. Yes, we do not # openais is indeed gone and should be uninstalled. Yes, we do not
@ -166,6 +168,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
%patch21 -p1 %patch21 -p1
%patch22 -p1 %patch22 -p1
%patch23 -p1 %patch23 -p1
%patch24 -p1
%patch25 -p1
%build %build
%if %{with runautogen} %if %{with runautogen}