From cf7acb87cad4bf6f18acc9b1bd531ffdc47f2793 Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Tue, 30 Jul 2024 21:24:42 +0530
Subject: [PATCH] libcontainers-common: patch CVE-2021-43565 (#9888)
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
Co-authored-by: Riken Maharjan
(cherry picked from commit 8edb8cff5ca6d1fabe9be71996b7a78d2dfaec56)
---
 .../libcontainers-common/CVE-2021-43565.patch | 56 +++++++++++++++++++
 .../libcontainers-common.spec | 8 ++-
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/libcontainers-common/CVE-2021-43565.patch
diff --git a/SPECS/libcontainers-common/CVE-2021-43565.patch b/SPECS/libcontainers-common/CVE-2021-43565.patch
new file mode 100644
index 00000000000..b7e53a2580a
--- /dev/null
+++ b/SPECS/libcontainers-common/CVE-2021-43565.patch
@@ -0,0 +1,56 @@
+From 5770296d904e90f15f38f77dfc2e43fdf5efc083 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker
+Date: Tue, 9 Nov 2021 11:45:57 -0800
+Subject: [PATCH] ssh: don't assume packet plaintext size
+
+When reading GCM and ChaChaPoly1305 packets, don't make assumptions
+about the size of the enciphered plaintext. This fixes two panics
+caused by standards non-compliant malformed packets.
+
+Thanks to Rod Hynes, Psiphon Inc. for reporting this issue.
+
+Fixes golang/go#49932
+Fixes CVE-2021-43565
+
+Change-Id: I660cff39d197e0d04ec44d11d792b22d954df2ef
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1262659
+Reviewed-by: Katie Hockman
+Reviewed-by: Julie Qiu
+Reviewed-on: https://go-review.googlesource.com/c/crypto/+/368814
+Trust: Roland Shoemaker
+Trust: Katie Hockman
+Run-TryBot: Roland Shoemaker
+TryBot-Result: Gopher Robot
+Reviewed-by: Julie Qiu
+Reviewed-by: Katie Hockman
+---
+ ssh/cipher.go | 8 ++++
+ ssh/cipher_test.go | 100 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 108 insertions(+)
+
+diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go
+index bddbde5dbd..f8bdf4984c 100644
+--- a/vendor/golang.org/x/crypto/ssh/cipher.go
++++ b/vendor/golang.org/x/crypto/ssh/cipher.go
+@@ -394,6 +394,10 @@ func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error)
+ }
+ c.incIV()
+
++ if len(plain) == 0 {
++ return nil, errors.New("ssh: empty packet")
++ }
++
+ padding := plain[0]
+ if padding < 4 {
+ // padding is a byte, so it automatically satisfies
+@@ -710,6 +714,10 @@ func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([
+ plain := c.buf[4:contentEnd]
+ s.XORKeyStream(plain, plain)
+
++ if len(plain) == 0 {
++ return nil, errors.New("ssh: empty packet")
++ }
++
+ padding := plain[0]
+ if padding < 4 {
+ // padding is a byte, so it automatically satisfies
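Review bot: The embedded upstream header does not match what this backport carries: its diffstat still lists `ssh/cipher_test.go | 100` and `2 files changed, 108 insertions(+)`, while only the two `cipher.go` hunks are present and their paths have been rewritten to `vendor/golang.org/x/crypto/ssh/`. The regression tests for the malformed GCM and ChaCha20-Poly1305 packets are therefore not part of this patch, which a later auditor comparing it against the upstream change would want stated. I would add one line below the upstream trailers, for example `Backported for libcontainers-common: paths rewritten to vendor/, cipher_test.go hunk dropped`. Both added guards call `errors.New`, and the import block of `cipher.go` is outside the hunks, so it is worth confirming that the vendored file already imports `errors`.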
diff --git a/SPECS/libcontainers-common/libcontainers-common.spec b/SPECS/libcontainers-common/libcontainers-common.spec index 8172b4094ad..40853cdd173 100644 --- a/SPECS/libcontainers-common/libcontainers-common.spec +++ b/SPECS/libcontainers-common/libcontainers-common.spec @@ -26,7 +26,7 @@ Summary: Configuration files common to github.com/containers Name: libcontainers-common Version: 20210626 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 AND GPLv3 Vendor: Microsoft Corporation Distribution: Mariner @@ -50,6 +50,7 @@ Source10: containers.conf Patch0: CVE-2021-44716.patch #Note (mfrw): The patch for CVE-2024-37298 only applies to podman. Patch1: CVE-2024-37298.patch +Patch2: CVE-2021-43565.patch BuildRequires: go-go-md2man Requires(post): grep Requires(post): util-linux @@ -70,7 +71,9 @@ github.com/containers libraries, such as Buildah, CRI-O, Podman and Skopeo. %setup -q -T -D -b 9 -n common-%{commonver} %patch 0 -p1 + # copy the LICENSE file in the build root +%patch 2 -p1 -d ../podman-%{podmanver} cd .. cp %{SOURCE2} . @@ -165,6 +168,9 @@ fi %license LICENSE %changelog +* Mon Jul 29 2024 Archana Choudhary - 20210626-5 +- Patch CVE-2021-43565 + * Wed Jul 24 2024 Muhammad Falak - 20210526-4 - Address CVE-2024-37298 by patching vendored github.com/gorilla/schema
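Review bot: In the `%prep` hunk the new `%patch 2 -p1 -d ../podman-%{podmanver}` line is inserted between the `# copy the LICENSE file in the build root` comment and the `cd ..` / `cp %{SOURCE2} .` lines that comment describes, so the comment now reads as if it documented the patch step. Move the patch line above the comment and give it its own comment, e.g. `# CVE-2021-43565: vendored golang.org/x/crypto/ssh in podman`. The `Patch1` declaration carries a note about which tree it applies to, and the new `Patch2:` line would benefit from the same. Because `-d` restricts the fix to the podman tree, confirm (it is not visible in these hunks) that no other source tree bundled in this package vendors an unpatched `golang.org/x/crypto/ssh`.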