Date: Mon, 26 Aug 2013 11:08:28 GMT From: Renato Botelho <garga@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/181546: security/php53-openssl: Fix CVE-2013-4073 Message-ID: <201308261108.r7QB8SHb090632@oldred.freebsd.org> Resent-Message-ID: <201308261110.r7QBA0ZO068366@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 181546 >Category: ports >Synopsis: security/php53-openssl: Fix CVE-2013-4073 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Aug 26 11:10:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Renato Botelho >Release: 10-current >Organization: ESF >Environment: FreeBSD fbsd1 10.0-CURRENT FreeBSD 10.0-CURRENT #0 r253541: Mon Jul 22 15:34:57 BRT 2013 root@fbsd1:/usr/obj/usr/src/sys/GARGA amd64 >Description: Add a patch to fix CVE-2013-4248 [1], it was obtained from [2]. Bump security/php53-openssl PORTREVISION. [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248 [2] http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/openssl/openssl.c;h=c32748cb6443a4d8e4bb14fe96ad72e32ec8acff;hp=d7ac117e51c8f5d8ab0632c276af48d610b4b19e;hb=2874696a5a8d46639d261571f915c493cd875897;hpb=f4dc2240a048050a87a6e3e31573f13a2256cf2e >How-To-Repeat: >Fix: Patch attached with submission follows: Index: lang/php53/files/patch-ext_openssl_openssl.c =================================================================== --- lang/php53/files/patch-ext_openssl_openssl.c (revision 0) +++ lang/php53/files/patch-ext_openssl_openssl.c (working copy) @@ -0,0 +1,111 @@ +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index d7ac117..c32748c 100644 +--- ext/openssl/openssl.c ++++ ext/openssl/openssl.c +@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key) + } + /* }}} */ + ++/* Special handling of subjectAltName, see CVE-2013-4073 ++ * Christian Heimes ++ */ ++ ++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) ++{ ++ GENERAL_NAMES *names; ++ const X509V3_EXT_METHOD *method = NULL; ++ long i, length, num; ++ const unsigned char *p; ++ ++ method = X509V3_EXT_get(extension); ++ if (method == NULL) { ++ return -1; ++ } ++ ++ p = extension->value->data; ++ length = extension->value->length; ++ if (method->it) { ++ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, ++ ASN1_ITEM_ptr(method->it))); ++ } else { ++ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); ++ } ++ if (names == NULL) { ++ return -1; ++ } ++ ++ num = sk_GENERAL_NAME_num(names); ++ for (i = 0; i < num; i++) { ++ GENERAL_NAME *name; ++ ASN1_STRING *as; ++ name = sk_GENERAL_NAME_value(names, i); ++ switch (name->type) { ++ case GEN_EMAIL: ++ BIO_puts(bio, "email:"); ++ as = name->d.rfc822Name; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_DNS: ++ BIO_puts(bio, "DNS:"); ++ as = name->d.dNSName; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_URI: ++ BIO_puts(bio, "URI:"); ++ as = name->d.uniformResourceIdentifier; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ default: ++ /* use builtin print for GEN_OTHERNAME, GEN_X400, ++ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID ++ */ ++ GENERAL_NAME_print(bio, name); ++ } ++ /* trailing ', ' except for last element */ ++ if (i < (num - 1)) { ++ BIO_puts(bio, ", "); ++ } ++ } ++ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); ++ ++ return 0; ++} ++ + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) + Returns an array of the fields/values of the CERT */ + PHP_FUNCTION(openssl_x509_parse) +@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse) + + + for (i = 0; i < X509_get_ext_count(cert); i++) { ++ int nid; + extension = X509_get_ext(cert, i); +- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { ++ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); ++ if (nid != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); +- if (X509V3_EXT_print(bio_out, extension, 0, 0)) { ++ if (nid == NID_subject_alt_name) { ++ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { ++ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); ++ } else { ++ zval_dtor(return_value); ++ if (certresource == -1 && cert) { ++ X509_free(cert); ++ } ++ BIO_free(bio_out); ++ RETURN_FALSE; ++ } ++ } ++ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { Index: security/php53-openssl/Makefile =================================================================== --- security/php53-openssl/Makefile (revision 325383) +++ security/php53-openssl/Makefile (working copy) @@ -5,6 +5,8 @@ # $FreeBSD$ # +PORTREVISION= 1 + CATEGORIES= security MASTERDIR= ${.CURDIR}/../../lang/php53 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308261108.r7QB8SHb090632>