refix cve-2023-50967

2025-04-15 10:11:52 +08:00 · 2025-04-15 10:11:52 +08:00 · 86d867dcc6
commit 86d867dcc6
parent e4fbaea280
2 changed files with 48 additions and 1 deletions
--- a/back-port-CVE-2023-50967-2.patch
+++ b/back-port-CVE-2023-50967-2.patch
@ -0,0 +1,40 @@
+diff -Naur jose-11-bak/lib/openssl/pbes2.c jose-11/lib/openssl/pbes2.c
+--- jose-11-bak/lib/openssl/pbes2.c	2021-05-07 21:12:42.266277800 +0800
+++ jose-11/lib/openssl/pbes2.c	2025-04-14 16:20:13.338332563 +0800
+@@ -25,6 +25,8 @@
+ #include <string.h>
+ 
+ #define NAMES "PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"
+#define P2C_MIN_ITERATIONS 1000
+#define P2C_MAX_ITERATIONS 32768
+ 
+ static json_t *
+ pbkdf2(const char *alg, jose_cfg_t *cfg, const json_t *jwk, int iter,
+@@ -193,7 +195,7 @@
+     json_auto_t *hdr = NULL;
+     const char *aes = NULL;
+     json_t *h = NULL;
+-    int p2c = 10000;
+    int p2c = P2C_MAX_ITERATIONS;
+     size_t stl = 0;
+ 
+     if (!json_object_get(cek, "k") && !jose_jwk_gen(cfg, cek))
+@@ -226,7 +228,7 @@
+         json_object_set_new(h, "p2c", json_integer(p2c)) < 0)
+         return false;
+ 
+-    if (p2c < 1000)
+    if (p2c < P2C_MIN_ITERATIONS || p2c > P2C_MAX_ITERATIONS)	    
+         return false;
+ 
+     if (json_object_set_new(h, "p2s", jose_b64_enc(st, stl)) == -1)
+@@ -268,6 +270,9 @@
+     if (json_unpack(hdr, "{s:I}", "p2c", &p2c) == -1)
+         return false;
+ 
+    if (p2c > P2C_MAX_ITERATIONS)
+        return false;	    
+
+     stl = jose_b64_dec(json_object_get(hdr, "p2s"), NULL, 0);
+     if (stl < 8 || stl > sizeof(st))
+         return false;
--- a/jose.spec
+++ b/jose.spec
@ -1,11 +1,12 @@
 Name:           jose
 Version:        11
-Release:        2
+Release:        3
 Summary:        José is a command line utility for performing various tasks on JSON  objects
 License:        ASL 2.0
 URL:            https://github.com/latchset/%{name}
 Source0:        https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Patch001:	back-port-CVE-2023-50967.patch
+Patch002:    back-port-CVE-2023-50967-2.patch

 BuildRequires:  pkgconfig, gcc, openssl-devel, zlib-devel, meson, ninja-build, asciidoc
 BuildRequires:  jansson-devel >= 2.10
@ -82,6 +83,12 @@ rm -rf %{buildroot}/%{_libdir}/lib%{name}.la


 %changelog
+* Wed Apr 16 2025 lijian<lijian01@kylinos.cn> - 11-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: refix CVE-2023-50967 
+
 * Sun Apr 7 2024 licihua<licihua@huawei.com> - 11-2
 - Type:bugfix
 - ID:NA