-
Notifications
You must be signed in to change notification settings - Fork 546
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
15f2e79
commit 966a923
Showing
4 changed files
with
66 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| From accb61e9c1a005e5c8ff96a8b33893100bb42d11 Mon Sep 17 00:00:00 2001 | ||
| From: =?UTF-8?q?Markus=20Schifferm=C3=BCller?= | ||
| <[email protected]> | ||
| Date: Tue, 13 Aug 2024 22:21:52 -0400 | ||
| Subject: [PATCH] lib: DER signature decoding correction | ||
|
|
||
| --- | ||
| lib/elliptic/ec/signature.js | 10 ++++++++++ | ||
| lib/elliptic/eddsa/signature.js | 1 + | ||
| 2 files changed, 11 insertions(+) | ||
|
|
||
| diff --git a/src/ui/node_modules/elliptic/lib/elliptic/ec/signature.js b/src/ui/node_modules/elliptic/lib/elliptic/ec/signature.js | ||
| index 539df6a2..48e3a26f 100644 | ||
| --- a/src/ui/node_modules/elliptic/lib/elliptic/ec/signature.js | ||
| +++ b/src/ui/node_modules/elliptic/lib/elliptic/ec/signature.js | ||
| @@ -38,6 +38,10 @@ function getLength(buf, p) { | ||
| return false; | ||
| } | ||
|
|
||
| + if(buf[p.place] === 0x00) { | ||
| + return false; | ||
| + } | ||
| + | ||
| var val = 0; | ||
| for (var i = 0, off = p.place; i < octetLen; i++, off++) { | ||
| val <<= 8; | ||
| @@ -86,6 +90,9 @@ Signature.prototype._importDER = function _importDER(data, enc) { | ||
| if (rlen === false) { | ||
| return false; | ||
| } | ||
| + if ((data[p.place] & 128) !== 0) { | ||
| + return false; | ||
| + } | ||
| var r = data.slice(p.place, rlen + p.place); | ||
| p.place += rlen; | ||
| if (data[p.place++] !== 0x02) { | ||
| @@ -98,6 +105,9 @@ Signature.prototype._importDER = function _importDER(data, enc) { | ||
| if (data.length !== slen + p.place) { | ||
| return false; | ||
| } | ||
| + if ((data[p.place] & 128) !== 0) { | ||
| + return false; | ||
| + } | ||
| var s = data.slice(p.place, slen + p.place); | ||
| if (r[0] === 0) { | ||
| if (r[1] & 0x80) { | ||
| diff --git a/src/ui/node_modules/elliptic/lib/elliptic/eddsa/signature.js b/src/ui/node_modules/elliptic/lib/elliptic/eddsa/signature.js | ||
| index 30ebc920..b224ad1c 100644 | ||
| --- a/src/ui/node_modules/elliptic/lib/elliptic/eddsa/signature.js | ||
| +++ b/src/ui/node_modules/elliptic/lib/elliptic/eddsa/signature.js | ||
| @@ -21,6 +21,7 @@ function Signature(eddsa, sig) { | ||
| sig = parseBytes(sig); | ||
|
|
||
| if (Array.isArray(sig)) { | ||
| + assert(sig.length === eddsa.encodingLength * 2, 'Signature has invalid size'); | ||
| sig = { | ||
| R: sig.slice(0, eddsa.encodingLength), | ||
| S: sig.slice(eddsa.encodingLength), |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| # Addressed as part of CVE-2024-42459.patch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| # Addressed as part of CVE-2024-42459.patch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,7 +6,7 @@ | |
| Summary: Reaper for cassandra is a tool for running Apache Cassandra repairs against single or multi-site clusters. | ||
| Name: reaper | ||
| Version: 3.1.1 | ||
| Release: 10%{?dist} | ||
| Release: 11%{?dist} | ||
| License: ASL 2.0 | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Mariner | ||
|
|
@@ -35,6 +35,7 @@ Source7: reaper-local-n-%{version}-%{local_n_release}.tar.gz | |
| Patch0: CVE-2024-37890.patch | ||
| Patch1: CVE-2023-42282.patch | ||
| Patch2: CVE-2017-18214.patch | ||
| Patch3: CVE-2024-42459.patch | ||
| BuildRequires: git | ||
| BuildRequires: javapackages-tools | ||
| BuildRequires: maven | ||
|
|
@@ -171,6 +172,10 @@ fi | |
| %{_unitdir}/cassandra-%{name}.service | ||
|
|
||
| %changelog | ||
| * Tue Aug 20 2024 Cameron Baird <[email protected]> - 3.1.1-11 | ||
| - Introduce DER-signature-decoding-correction.patch to address CVE-2024-42459, | ||
| - CVE-2024-42460, CVE-2024-42461 | ||
|
|
||
| * Tue Jul 09 2024 Pawel Winogrodzki <[email protected]> - 3.1.1-10 | ||
| - Patching CVE-2024-37890, CVE-2023-42282, and CVE-2017-18214. | ||
|
|
||
|
|
||