mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 04:49:01 +02:00
libressl_3_2, libressl_3_4: add patch for CVE-2021-41581
This commit is contained in:
parent
0f88e9ff05
commit
01cc988d96
53
pkgs/development/libraries/libressl/CVE-2021-41581.patch
Normal file
53
pkgs/development/libraries/libressl/CVE-2021-41581.patch
Normal file
|
@ -0,0 +1,53 @@
|
|||
Based on upstream https://github.com/openbsd/src/commit/62ceddea5b1d64a1a362bbb7071d9e15adcde6b1
|
||||
with paths switched to apply to libressl-portable and CVS header
|
||||
hunk removed.
|
||||
|
||||
--- a/crypto/x509/x509_constraints.c
|
||||
+++ b/crypto/x509/x509_constraints.c
|
||||
@@ -339,16 +339,16 @@
|
||||
if (c == '.')
|
||||
goto bad;
|
||||
}
|
||||
- if (wi > DOMAIN_PART_MAX_LEN)
|
||||
- goto bad;
|
||||
if (accept) {
|
||||
+ if (wi >= DOMAIN_PART_MAX_LEN)
|
||||
+ goto bad;
|
||||
working[wi++] = c;
|
||||
accept = 0;
|
||||
continue;
|
||||
}
|
||||
if (candidate_local != NULL) {
|
||||
/* We are looking for the domain part */
|
||||
- if (wi > DOMAIN_PART_MAX_LEN)
|
||||
+ if (wi >= DOMAIN_PART_MAX_LEN)
|
||||
goto bad;
|
||||
working[wi++] = c;
|
||||
if (i == len - 1) {
|
||||
@@ -363,7 +363,7 @@
|
||||
continue;
|
||||
}
|
||||
/* We are looking for the local part */
|
||||
- if (wi > LOCAL_PART_MAX_LEN)
|
||||
+ if (wi >= LOCAL_PART_MAX_LEN)
|
||||
break;
|
||||
|
||||
if (quoted) {
|
||||
@@ -383,6 +383,8 @@
|
||||
*/
|
||||
if (c == 9)
|
||||
goto bad;
|
||||
+ if (wi >= LOCAL_PART_MAX_LEN)
|
||||
+ goto bad;
|
||||
working[wi++] = c;
|
||||
continue; /* all's good inside our quoted string */
|
||||
}
|
||||
@@ -412,6 +414,8 @@
|
||||
}
|
||||
if (!local_part_ok(c))
|
||||
goto bad;
|
||||
+ if (wi >= LOCAL_PART_MAX_LEN)
|
||||
+ goto bad;
|
||||
working[wi++] = c;
|
||||
}
|
||||
if (candidate_local == NULL || candidate_domain == NULL)
|
|
@ -3,6 +3,7 @@
|
|||
, lib
|
||||
, cmake
|
||||
, cacert
|
||||
, fetchpatch
|
||||
, buildShared ? !stdenv.hostPlatform.isStatic
|
||||
}:
|
||||
|
||||
|
@ -82,9 +83,15 @@ in {
|
|||
libressl_3_2 = generic {
|
||||
version = "3.2.5";
|
||||
sha256 = "1zkwrs3b19s1ybz4q9hrb7pqsbsi8vxcs44qanfy11fkc7ynb2kr";
|
||||
patches = [
|
||||
./CVE-2021-41581.patch
|
||||
];
|
||||
};
|
||||
libressl_3_4 = generic {
|
||||
version = "3.4.0";
|
||||
sha256 = "1lhn76nd59p1dfd27b4636zj6wh3f5xsi8b3sxqnl820imsswbp5";
|
||||
patches = [
|
||||
./CVE-2021-41581.patch
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue