diff --git a/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch b/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch new file mode 100644 index 0000000000000000000000000000000000000000..afd87baea87f23507507763391a05655e159f6d8 --- /dev/null +++ b/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch @@ -0,0 +1,36 @@ +From a8da305fa3dd6e34ba5aab3978281f652fd12883 Mon Sep 17 00:00:00 2001 +From: yangyangtiantianlonglong +Date: Mon, 31 Jul 2023 07:04:41 -0700 +Subject: [PATCH] A null pointer dereference occurs when memory allocation + fails + +Fixes #21605 + +Reviewed-by: Hugo Landau +Reviewed-by: Matthias St. Pierre +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/21606) +--- + ssl/ssl_sess.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c +index cda6b7cc5b..2a5d21be79 100644 +--- a/ssl/ssl_sess.c ++++ b/ssl/ssl_sess.c +@@ -139,8 +139,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) + dest->references = 1; + + dest->lock = CRYPTO_THREAD_lock_new(); +- if (dest->lock == NULL) ++ if (dest->lock == NULL) { ++ OPENSSL_free(dest); ++ dest = NULL; + goto err; ++ } + + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) + goto err; +-- +2.27.0 + diff --git a/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch b/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch new file mode 100644 index 0000000000000000000000000000000000000000..271c4815a36de4208a9f3d79fd5858b102e99f6b --- /dev/null +++ b/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch @@ -0,0 +1,37 @@ +From eec805ee71356c06f9a86192fa06507c3bb92b09 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Sun, 23 Jul 2023 14:27:54 +0200 +Subject: [PATCH] Make DH_check set some error bits in recently added error + +The pre-existing error cases where DH_check returned zero +are not related to the dh params in any way, but are only +triggered by out-of-memory errors, therefore having *ret +set to zero feels right, but since the new error case is +triggered by too large p values that is something different. +On the other hand some callers of this function might not +be prepared to handle the return value correctly but only +rely on *ret. Therefore we set some error bits in *ret as +additional safety measure. + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21533) +--- + crypto/dh/dh_check.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c +index e5f9dd5030..2001d2e7cb 100644 +--- a/crypto/dh/dh_check.c ++++ b/crypto/dh/dh_check.c +@@ -104,6 +104,7 @@ int DH_check(const DH *dh, int *ret) + /* Don't do any checks at all with an excessively large modulus */ + if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { + DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE); ++ *ret = DH_CHECK_P_NOT_PRIME; + return 0; + } + +-- +2.27.0 + diff --git a/openssl.spec b/openssl.spec index 96c93ac0f79afc9f05c5ea0a3e7584486544847f..1da69620a6e14e719c3482d4ce940725d62d270d 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1m -Release: 23 +Release: 24 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -66,6 +66,8 @@ Patch55: backport-update-expired-certificates-for-sm2.patch Patch56: backport-CVE-2023-3817.patch Patch57: backport-CVE-2023-3817-testcase.patch Patch58: Fix-FIPS-getenv-build-failure.patch +Patch59: backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch +Patch60: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -268,6 +270,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Fri Sep 22 2023 dongyuzhen - 1:1.1.1m-24 +- Backport some upstream patches + * Fri Sep 8 2023 reverse-world - 1:1.1.1m-23 - fix FIPS getenv compatibility problem