Difuse/telephony
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libsrtp: add patches that fix 2 CVEs

Browse source 
Patches copied from Debian. They fix:

CVE-2013-2139
CVE-2015-6360

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit is contained in:
Sebastian Kemper 2018-01-15 20:03:17 +01:00
parent f9f74ca869
commit bf35dbb05d
3 changed files with 53 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
libs/libsrtp/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libsrtp PKG_NAME:=libsrtp
PKG_VERSION:=1.4.4 PKG_VERSION:=1.4.4
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=srtp-$(PKG_VERSION).tgz PKG_SOURCE:=srtp-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=@SF/srtp PKG_SOURCE_URL:=@SF/srtp

39
libs/libsrtp/patches/1009_CVE-2013-2139.patch Normal file
View file

@ -0,0 +1,39 @@
Description: CVE-2013-2139: buffer overflow in application of crypto profiles
Origin: backport,
https://github.com/cisco/libsrtp/pull/27,
https://github.com/cisco/libsrtp/commit/8884f4d8eb4ca7122dfcbd640b933b98ef4bab80,
https://github.com/cisco/libsrtp/commit/8e47faf0f5b90672c7ebf2f0cf0562ee81a8b621,
https://github.com/cisco/libsrtp/commit/0acbb039c12b790621839facf56bfedbd071b74d
Bug: https://github.com/cisco/libsrtp/issues/24
Bug-Debian: http://bugs.debian.org/711163
Forwarded: not-needed
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-01-02
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -1807,15 +1807,12 @@
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_null_sha1_80:
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:
@@ -1838,6 +1835,8 @@
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
+ /* We do not honor the 32-bit auth tag request since
+ * this is not compliant with RFC 3711 */
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_null_sha1_80:

13
libs/libsrtp/patches/1010-CVE-2015-6360-1.patch Normal file
View file

@ -0,0 +1,13 @@
Index: srtp-1.4.4~dfsg/srtp/srtp.c
===================================================================
--- srtp-1.4.4~dfsg.orig/srtp/srtp.c 2016-01-17 19:49:52.000000000 +0100
+++ srtp-1.4.4~dfsg/srtp/srtp.c 2016-01-17 22:50:43.000000000 +0100
@@ -938,6 +938,8 @@
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
}
+ if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
+ return err_status_parse_err;
enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len
- ((enc_start - (uint32_t *)hdr) << 2));
} else {