packages/jose
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refix cve-2023-50967

Browse Source
This commit is contained in:
fortunate-lee 2025-04-15 10:11:52 +08:00
parent e4fbaea280
commit 86d867dcc6
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
back-port-CVE-2023-50967-2.patch Normal file
View File

@ -0,0 +1,40 @@
diff -Naur jose-11-bak/lib/openssl/pbes2.c jose-11/lib/openssl/pbes2.c
--- jose-11-bak/lib/openssl/pbes2.c 2021-05-07 21:12:42.266277800 +0800
+++ jose-11/lib/openssl/pbes2.c 2025-04-14 16:20:13.338332563 +0800
@@ -25,6 +25,8 @@
#include <string.h>
#define NAMES "PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"
+#define P2C_MIN_ITERATIONS 1000
+#define P2C_MAX_ITERATIONS 32768
static json_t *
pbkdf2(const char *alg, jose_cfg_t *cfg, const json_t *jwk, int iter,
@@ -193,7 +195,7 @@
json_auto_t *hdr = NULL;
const char *aes = NULL;
json_t *h = NULL;
- int p2c = 10000;
+ int p2c = P2C_MAX_ITERATIONS;
size_t stl = 0;
if (!json_object_get(cek, "k") && !jose_jwk_gen(cfg, cek))
@@ -226,7 +228,7 @@
json_object_set_new(h, "p2c", json_integer(p2c)) < 0)
return false;
- if (p2c < 1000)
+ if (p2c < P2C_MIN_ITERATIONS || p2c > P2C_MAX_ITERATIONS)
return false;
if (json_object_set_new(h, "p2s", jose_b64_enc(st, stl)) == -1)
@@ -268,6 +270,9 @@
if (json_unpack(hdr, "{s:I}", "p2c", &p2c) == -1)
return false;
+ if (p2c > P2C_MAX_ITERATIONS)
+ return false;
+
stl = jose_b64_dec(json_object_get(hdr, "p2s"), NULL, 0);
if (stl < 8 || stl > sizeof(st))
return false;

9
jose.spec
View File

@ -1,11 +1,12 @@
Name: jose Name: jose
Version: 11 Version: 11
Release: 2 Release: 3
Summary: José is a command line utility for performing various tasks on JSON objects Summary: José is a command line utility for performing various tasks on JSON objects
License: ASL 2.0 License: ASL 2.0
URL: https://github.com/latchset/%{name} URL: https://github.com/latchset/%{name}
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
Patch001: back-port-CVE-2023-50967.patch Patch001: back-port-CVE-2023-50967.patch
Patch002: back-port-CVE-2023-50967-2.patch
BuildRequires: pkgconfig, gcc, openssl-devel, zlib-devel, meson, ninja-build, asciidoc BuildRequires: pkgconfig, gcc, openssl-devel, zlib-devel, meson, ninja-build, asciidoc
BuildRequires: jansson-devel >= 2.10 BuildRequires: jansson-devel >= 2.10
@ -82,6 +83,12 @@ rm -rf %{buildroot}/%{_libdir}/lib%{name}.la
%changelog %changelog
* Wed Apr 16 2025 lijian<lijian01@kylinos.cn> - 11-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: refix CVE-2023-50967
* Sun Apr 7 2024 licihua<licihua@huawei.com> - 11-2 * Sun Apr 7 2024 licihua<licihua@huawei.com> - 11-2
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA