gnu: libmhash: Fix use-after-free in tests.

* gnu/packages/patches/libmhash-hmac-fix-uaf.patch: New patch. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/mcrypt.scm (libmhash)[source]: Use it.
2023-12-14 03:33:07 +01:00 · 2020-08-20 15:27:33 -05:00 · 2020-08-20 15:27:33 -05:00 · 1cc75fef12
commit 1cc75fef12
parent c6443c2c8f
3 changed files with 26 additions and 2 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1295,6 +1295,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/mcrypt-CVE-2012-4426.patch			\
  %D%/packages/patches/mcrypt-CVE-2012-4527.patch			\
  %D%/packages/patches/libmemcached-build-with-gcc7.patch	\
+  %D%/packages/patches/libmhash-hmac-fix-uaf.patch		\
  %D%/packages/patches/mediastreamer2-srtp2.patch		\
  %D%/packages/patches/mesa-skip-disk-cache-test.patch		\
  %D%/packages/patches/mescc-tools-boot.patch			\
--- a/gnu/packages/mcrypt.scm
+++ b/gnu/packages/mcrypt.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2014, 2020 Eric Bavier <bavier@posteo.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
@ -94,7 +94,8 @@ XTEA, 3WAY, TWOFISH, BLOWFISH, ARCFOUR, WAKE and more.")
      (sha256
       (base32
        "1w7yiljan8gf1ibiypi6hm3r363imm3sxl1j8hapjdq3m591qljn"))
-      (patches (search-patches "mhash-keygen-test-segfault.patch"))))
+      (patches (search-patches "mhash-keygen-test-segfault.patch"
+                               "libmhash-hmac-fix-uaf.patch"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("perl" ,perl)))                 ;for tests
--- a/gnu/packages/patches/libmhash-hmac-fix-uaf.patch
+++ b/gnu/packages/patches/libmhash-hmac-fix-uaf.patch
@ -0,0 +1,22 @@
+--- mhash-0.9.9.9/src/hmac_test.c	2020-08-20 14:53:06.628995733 -0500
+++ mhash-0.9.9.9/src/hmac_test.c	2020-08-20 14:53:39.424885862 -0500
+@@ -72,8 +72,6 @@
+ 		return(MUTILS_INVALID_RESULT);
+ 	}
+ 
+-	mutils_free(tmp);
+-
+ 	/* Test No 2 */	
+ 	
+ 	mutils_memset(tmp, 0, sizeof(tmp));
+--- mhash-0.9.9.9/src/keygen_test.c	2020-08-20 14:53:12.940974589 -0500
+++ mhash-0.9.9.9/src/keygen_test.c	2020-08-20 14:53:59.736817812 -0500
+@@ -94,8 +94,6 @@
+ 		return(MUTILS_INVALID_RESULT);
+ 	}
+ 
+-	mutils_free(tmp);
+-
+ 	passlen = sizeof(PASSWORD2);
+ 	password = (mutils_word8 *) mutils_malloc(passlen + 1);
+ 	mutils_strncpy(password, (mutils_word8 *) PASSWORD2, passlen);