Diffstat (limited to 'debian/patches/1270_nx-X11_CVE-2017-2624-Use-timingsafe_memcmp-to-c.full.patch')
-rw-r--r-- | debian/patches/1270_nx-X11_CVE-2017-2624-Use-timingsafe_memcmp-to-c.full.patch | 162 |
1 files changed, 0 insertions, 162 deletions
diff --git a/debian/patches/1270_nx-X11_CVE-2017-2624-Use-timingsafe_memcmp-to-c.full.patch b/debian/patches/1270_nx-X11_CVE-2017-2624-Use-timingsafe_memcmp-to-c.full.patch
deleted file mode 100644
index 2528ebbbd..000000000
--- a/debian/patches/1270_nx-X11_CVE-2017-2624-Use-timingsafe_memcmp-to-c.full.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-commit 65c5d8ad7a46a83338c23dee66e208a014c3d3d2
-Author: Ulrich Sibiller <uli42@gmx.de>
-Date: Fri Mar 3 22:46:33 2017 +0100
-
- Backport CVE-2017-2624 (timingsafe_memcmp)
-
- Fixes ArcticaProject/nx-libs#365
-
- These two commits:
-
- commit 5c44169caed811e59a65ba346de1cadb46d266ec
- Author: Adam Jackson <ajax@redhat.com>
- Date: Thu Mar 2 17:20:30 2017 -0500
-
- os: Squash missing declaration warning for timingsafe_memcmp
-
- timingsafe_memcmp.c:21:1: warning: no previous prototype for ‘timingsafe_memcmp’ [-Wmissing-prototypes]
- timingsafe_memcmp(const void *b1, const void *b2, size_t len)
-
- Signed-off-by: Adam Jackson <ajax@redhat.com>
-
- commit d7ac755f0b618eb1259d93c8a16ec6e39a18627c
- Author: Matthieu Herrb <matthieu@herrb.eu>
- Date: Tue Feb 28 19:18:25 2017 +0100
-
- Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES CVE-2017-2624
-
- Provide the function definition for systems that don't have it.
-
- Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
- Backported from Arctica GH 3.6.x branch.
-
- v2: backport to nx-libs 3.6.x (Ulrich Sibiller)
- v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
-
-commit 22f542626cf9935fd55a899e21144111e481542c
-Author: Ulrich Sibiller <uli42@gmx.de>
-Date: Sat Mar 4 16:10:38 2017 +0100
-
- os: add timingsafe_memcmp to Imake
-
- There might be some library linking missing on platforms that deliver
- timingsafe_memcmp but I cannot test that here.
-
- Backported from Arctica GH 3.6.x branch.
-
- v2: backport to nx-libs 3.5.0.x (Mihai Moldovan)
---- a/nx-X11/config/cf/Imake.tmpl
-+++ b/nx-X11/config/cf/Imake.tmpl
-@@ -484,6 +484,9 @@ XCOMM the platform-specific parameters -
- #ifndef HasBasename
- #define HasBasename YES
- #endif
-+#ifndef HasTimingsafeMemcmp
-+#define HasTimingsafeMemcmp NO /* assume not */
-+#endif
- #ifndef HasGetopt
- # if !defined(Win32Architecture) && !defined(OS2Architecture)
- # define HasGetopt YES
---- a/nx-X11/programs/Xserver/include/os.h
-+++ b/nx-X11/programs/Xserver/include/os.h
-@@ -480,6 +480,11 @@ extern void AbortDDX(void);
- extern void ddxGiveUp(void);
- extern int TimeSinceLastInputEvent(void);
-
-+#ifndef HAVE_TIMINGSAFE_MEMCMP
-+extern _X_EXPORT int
-+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
-+#endif
-+
- /* Logging. */
- typedef enum _LogParameter {
- XLOG_FLUSH,
---- a/nx-X11/programs/Xserver/os/Imakefile
-+++ b/nx-X11/programs/Xserver/os/Imakefile
-@@ -127,17 +127,22 @@ GETPEER_DEFINES = -DHAS_GETPEEREID
- # endif
- #endif
-
-+#if !HasTimingsafeMemcmp
-+TMEMCMP_SRCS = timingsafe_memcmp.c
-+TMEMCMP_OBJS = timingsafe_memcmp.o
-+#endif
-+
- BOOTSTRAPCFLAGS =
- SRCS = WaitFor.c access.c connection.c io.c $(COLOR_SRCS) \
- osinit.c utils.c log.c auth.c mitauth.c secauth.c \
- $(XDMAUTHSRCS) $(RPCSRCS) $(KRB5SRCS) xdmcp.c OtherSources \
- transport.c $(SNPRINTF_SRCS) $(STRLCAT_SRCS) \
-- $(MALLOC_SRCS) $(LBX_SRCS) xprintf.c
-+ $(MALLOC_SRCS) $(LBX_SRCS) xprintf.c $(TMEMCMP_SRCS)
- OBJS = WaitFor.o access.o connection.o io.o $(COLOR_OBJS) \
- osinit.o utils.o log.o auth.o mitauth.o secauth.o \
- $(XDMAUTHOBJS) $(RPCOBJS) $(KRB5OBJS) xdmcp.o OtherObjects \
- transport.o $(SNPRINTF_OBJS) $(STRLCAT_OBJS) \
-- $(MALLOC_OBJS) $(LBX_OBJS) xprintf.o
-+ $(MALLOC_OBJS) $(LBX_OBJS) xprintf.o $(TMEMCMP_OBJS)
-
- #if SpecialMalloc
- MEM_DEFINES = -DSPECIAL_MALLOC
---- a/nx-X11/programs/Xserver/os/mitauth.c
-+++ b/nx-X11/programs/Xserver/os/mitauth.c
-@@ -84,7 +84,7 @@ MitCheckCookie (
-
- for (auth = mit_auth; auth; auth=auth->next) {
- if (data_length == auth->len &&
-- memcmp (data, auth->data, (int) data_length) == 0)
-+ timingsafe_memcmp (data, auth->data, (int) data_length) == 0)
- return auth->id;
- }
- *reason = "Invalid MIT-MAGIC-COOKIE-1 key";
---- /dev/null
-+++ b/nx-X11/programs/Xserver/os/timingsafe_memcmp.c
-@@ -0,0 +1,47 @@
-+/*
-+ * Copyright (c) 2014 Google Inc.
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+#include <limits.h>
-+#include <string.h>
-+#include <X11/Xfuncproto.h>
-+#include "os.h"
-+
-+int
-+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
-+{
-+ const unsigned char *p1 = b1, *p2 = b2;
-+ size_t i;
-+ int res = 0, done = 0;
-+
-+ for (i = 0; i < len; i++) {
-+ /* lt is -1 if p1[i] < p2[i]; else 0. */
-+ int lt = (p1[i] - p2[i]) >> CHAR_BIT;
-+
-+ /* gt is -1 if p1[i] > p2[i]; else 0. */
-+ int gt = (p2[i] - p1[i]) >> CHAR_BIT;
-+
-+ /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
-+ int cmp = lt - gt;
-+
-+ /* set res = cmp if !done. */
-+ res |= cmp & ~done;
-+
-+ /* set done if p1[i] != p2[i]. */
-+ done |= lt | gt;
-+ }
-+
-+ return (res);
-+} |