openssl/0023-evp-prevent-underflow-in-base64-decoding.patch

From d0666f289ac013094bbbf547bfbcd616199b7d2d Mon Sep 17 00:00:00 2001
From: Geoff Thorpe <geoff@openssl.org>
Date: Sun, 4 May 2014 18:44:14 -0400
Subject: [PATCH 23/23] evp: prevent underflow in base64 decoding

This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
---
 crypto/evp/encode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 28546a8..4654bdc 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 				v=EVP_DecodeBlock(out,d,n);
 				n=0;
 				if (v < 0) { rv=0; goto end; }
+				if (eof > v) { rv=-1; goto end; }
 				ret+=(v-eof);
 				}
 			else
-- 
1.8.4.5
Accepting request 233553 from Base:System - Add upstream patches fixing coverity scan issues: * 0018-fix-coverity-issues-966593-966596.patch * 0020-Initialize-num-properly.patch * 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch * 0023-evp-prevent-underflow-in-base64-decoding.patch * 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch * 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch - Update 0001-libcrypto-Hide-library-private-symbols.patch to cover more private symbols, now 98% complete and probably not much more can be done to fix the rest of the ill-defined API. - openssl-fips-hidden.patch new, hides private symbols added by the FIPS patches. - openssl-no-egd.patch disable the EGD (entropy gathering daemon) interface, we have no EGD in the distro and obtaining entropy from a place other than /dev/*random, the hardware rng or the openSSL internal PRNG is an extremely bad & dangerous idea. - use secure_getenv instead of getenv everywhere. (forwarded request 233217 from elvigia) OBS-URL: https://build.opensuse.org/request/show/233553 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=117 2014-05-14 10:26:07 +02:00			`From d0666f289ac013094bbbf547bfbcd616199b7d2d Mon Sep 17 00:00:00 2001`
			`From: Geoff Thorpe <geoff@openssl.org>`
			`Date: Sun, 4 May 2014 18:44:14 -0400`
			`Subject: [PATCH 23/23] evp: prevent underflow in base64 decoding`

			`This patch resolves RT ticket #2608.`

			`Thanks to Robert Dugal for originally spotting this, and to David`
			`Ramos for noticing that the ball had been dropped.`

			`Signed-off-by: Geoff Thorpe <geoff@openssl.org>`
			`---`
			`crypto/evp/encode.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c`
			`index 28546a8..4654bdc 100644`
			`--- a/crypto/evp/encode.c`
			`+++ b/crypto/evp/encode.c`
			`@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX ctx, unsigned char out, int *outl,`
			`v=EVP_DecodeBlock(out,d,n);`
			`n=0;`
			`if (v < 0) { rv=0; goto end; }`
			`+ if (eof > v) { rv=-1; goto end; }`
			`ret+=(v-eof);`
			`}`
			`else`
			`--`
			`1.8.4.5`