mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

botan: patch CVE-2024-34703

Browse Source 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-34703

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi
2025-11-13 19:19:13 +13:00
committed by Anuj Mittal
parent 5e2e28b4ab
commit 72cf12a3c7
2 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch
+38
View File
@@ -0,0 +1,38 @@
From 59d92780f79c73d735c71620adef40bb13a87ce2 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Tue, 20 Feb 2024 06:30:10 -0500
Subject: [PATCH] When decoding an arbitrary elliptic curve, set an upper bound
on length
Otherwise it's trivial to send a very large prime, which can take a
significant amount of computation to check.
Reported by Bing Shi
CVE: CVE-2024-34703
Upstream-Status: Backport [https://github.com/randombit/botan/pull/3913/commits/fbe9ec578a8548958677224d2e60d2c2c838bc9a]
(cherry picked from commit fbe9ec578a8548958677224d2e60d2c2c838bc9a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
src/lib/pubkey/ec_group/ec_group.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index eb4ed90e2..beaeedd51 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -357,8 +357,12 @@ std::pair<std::shared_ptr<EC_Group_Data>, bool> EC_Group::BER_decode_EC_group(co
.end_cons()
.verify_end();
- if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p)) {
- throw Decoding_Error("Invalid ECC p parameter");
+ if(p.bits() < 112 || p.bits() > 1024) {
+ throw Decoding_Error("ECC p parameter is invalid size");
+ }
+
+ if(p.is_negative() || !is_bailie_psw_probable_prime(p)) {
+ throw Decoding_Error("ECC p parameter is not a prime");
}
if(a.is_negative() || a >= p) {
meta-oe/recipes-crypto/botan/botan_3.2.0.bb
+3 -1
View File
@@ -4,7 +4,9 @@ LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://license.txt;md5=f5254d3abe90ec5bb82c5694ff751546"
SECTION = "libs"
SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz"
SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
file://CVE-2024-34703.patch \
"
SRC_URI[sha256sum] = "049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3"
S = "${WORKDIR}/Botan-${PV}"