gnu: libmhash: Fix use-after-free in tests.

* gnu/packages/patches/libmhash-hmac-fix-uaf.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mcrypt.scm (libmhash)[source]: Use it.
This commit is contained in:
Eric Bavier 2020-08-20 15:27:33 -05:00
parent c6443c2c8f
commit 1cc75fef12
No known key found for this signature in database
GPG key ID: FD73CAC719D32566
3 changed files with 26 additions and 2 deletions

View file

@ -1295,6 +1295,7 @@ dist_patch_DATA = \
%D%/packages/patches/mcrypt-CVE-2012-4426.patch \
%D%/packages/patches/mcrypt-CVE-2012-4527.patch \
%D%/packages/patches/libmemcached-build-with-gcc7.patch \
%D%/packages/patches/libmhash-hmac-fix-uaf.patch \
%D%/packages/patches/mediastreamer2-srtp2.patch \
%D%/packages/patches/mesa-skip-disk-cache-test.patch \
%D%/packages/patches/mescc-tools-boot.patch \

View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
@ -94,7 +94,8 @@ (define-public libmhash
(sha256
(base32
"1w7yiljan8gf1ibiypi6hm3r363imm3sxl1j8hapjdq3m591qljn"))
(patches (search-patches "mhash-keygen-test-segfault.patch"))))
(patches (search-patches "mhash-keygen-test-segfault.patch"
"libmhash-hmac-fix-uaf.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("perl" ,perl))) ;for tests

View file

@ -0,0 +1,22 @@
--- mhash-0.9.9.9/src/hmac_test.c 2020-08-20 14:53:06.628995733 -0500
+++ mhash-0.9.9.9/src/hmac_test.c 2020-08-20 14:53:39.424885862 -0500
@@ -72,8 +72,6 @@
return(MUTILS_INVALID_RESULT);
}
- mutils_free(tmp);
-
/* Test No 2 */
mutils_memset(tmp, 0, sizeof(tmp));
--- mhash-0.9.9.9/src/keygen_test.c 2020-08-20 14:53:12.940974589 -0500
+++ mhash-0.9.9.9/src/keygen_test.c 2020-08-20 14:53:59.736817812 -0500
@@ -94,8 +94,6 @@
return(MUTILS_INVALID_RESULT);
}
- mutils_free(tmp);
-
passlen = sizeof(PASSWORD2);
password = (mutils_word8 *) mutils_malloc(passlen + 1);
mutils_strncpy(password, (mutils_word8 *) PASSWORD2, passlen);