[voms/el5: 2/2] Patch that fixes a stack smash when SHA2 certificates are used
Mattias Ellert
ellert at fedoraproject.org
Thu Jun 26 10:14:07 UTC 2014
commit 2bafb83cbea47e9ce28173bad0141f06eb44cde7
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Thu Jun 26 12:13:24 2014 +0200
Patch that fixes a stack smash when SHA2 certificates are used
voms-sha2-proxy.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++
voms.spec | 8 +++++++-
2 files changed, 53 insertions(+), 1 deletions(-)
---
diff --git a/voms-sha2-proxy.patch b/voms-sha2-proxy.patch
new file mode 100644
index 0000000..9fc42fd
--- /dev/null
+++ b/voms-sha2-proxy.patch
@@ -0,0 +1,46 @@
+--- voms-2_0_11/src/sslutils/sslutils.c.orig 2014-05-08 08:03:33.461316510 -0500
++++ voms-2_0_11/src/sslutils/sslutils.c 2014-05-08 08:03:44.134314804 -0500
+@@ -893,7 +893,8 @@
+ unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned int len;
+ EVP_MD* sig_algo;
+-
++
++ OpenSSL_add_all_digests();
+ sig_algo = EVP_get_digestbyobj(req->sig_alg->algorithm);
+ if (sig_algo == NULL) sig_algo = EVP_sha1();
+
+@@ -904,10 +904,11 @@
+
+ user_public_key = X509_get_pubkey(user_cert);
+
++ EVP_MD* cn_sig_algo = EVP_sha1();
+ #ifdef TYPEDEF_I2D_OF
+- ASN1_digest((i2d_of_void*)i2d_PUBKEY, sig_algo, (char *) user_public_key, md, &len);
++ ASN1_digest((i2d_of_void*)i2d_PUBKEY, cn_sig_algo, (char *) user_public_key, md, &len);
+ #else
+- ASN1_digest(i2d_PUBKEY, sig_algo, (char *) user_public_key, md, &len);
++ ASN1_digest(i2d_PUBKEY, cn_sig_algo, (char *) user_public_key, md, &len);
+ #endif
+ EVP_PKEY_free(user_public_key);
+
+@@ -1042,7 +1043,6 @@
+ unsigned int len;
+ EVP_MD* sig_algo;
+
+- sig_algo = EVP_get_digestbyobj(req->sig_alg->algorithm);
+ if (sig_algo == NULL) sig_algo = EVP_sha1();
+
+ if (!selfsigned)
+@@ -1118,9 +1118,9 @@
+
+ new_public_key = X509_REQ_get_pubkey(req);
+ #ifdef TYPEDEF_I2D_OF
+- ASN1_digest((i2d_of_void*)i2d_PUBKEY, sig_algo, (char *) new_public_key, md, &len);
++ ASN1_digest((i2d_of_void*)i2d_PUBKEY, EVP_sha1(), (char *) new_public_key, md, &len);
+ #else
+- ASN1_digest(i2d_PUBKEY, sig_algo, (char *) new_public_key, md, &len);
++ ASN1_digest(i2d_PUBKEY, EVP_sha1(), (char *) new_public_key, md, &len);
+ #endif
+ EVP_PKEY_free(new_public_key);
+ new_public_key = NULL;
diff --git a/voms.spec b/voms.spec
index 17a604f..eea9554 100644
--- a/voms.spec
+++ b/voms.spec
@@ -5,7 +5,7 @@
Name: voms
Version: 2.0.11
%global tagver %(tr . _ <<< %{version})
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Virtual Organization Membership Service
Group: System Environment/Libraries
@@ -16,6 +16,8 @@ Source0: https://github.com/italiangrid/%{name}/archive/%{tagver}.tar.gz
Source1: %{name}.INSTALL
# Don't use embedded gsoap sources
Patch0: %{name}-gsoap.patch
+# From https://jira.opensciencegrid.org/browse/SOFTWARE-1333
+Patch1: %{name}-sha2-proxy.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: globus-gssapi-gsi-devel
@@ -119,6 +121,7 @@ administrate it remotely using command line tools or a web interface.
%prep
%setup -q -n %{name}-%{tagver}
%patch0 -p1
+%patch1 -p1
# Remove embedded gsoap sources
rm src/server/stdsoap2.c src/server/stdsoap2.h src/server/soap*
@@ -264,6 +267,9 @@ fi
%doc README.Fedora
%changelog
+* Thu Jun 26 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.0.11-4
+- Patch that fixes a stack smash when SHA2 certificates are used
+
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
More information about the scm-commits
mailing list