* [Buildroot] [PATCH v2 1/1] package/hostapd: fix build with CVE-2021-30004 changes
@ 2021-05-20  5:48 Sergey Matyukevich
  2021-05-20  9:15 ` Yann E. MORIN
  0 siblings, 1 reply; 4+ messages in thread
From: Sergey Matyukevich @ 2021-05-20  5:48 UTC (permalink / raw)
  To: buildroot

Commit d65586f45a22 ("package/hostapd: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.

Fixes:
http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
---
 ...dbool.h-to-allow-C99-bool-to-be-used.patch | 32 +++++++++++++++++
 .../0004-ASN.1-add-asn1_is_null-helper.patch  | 34 +++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch
 create mode 100644 package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch

diff --git a/package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch b/package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch
new file mode 100644
index 0000000000..74bd85f2af
--- /dev/null
+++ b/package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch
@@ -0,0 +1,32 @@
+From b2feaf8fc6f3b1bed6c17cb1871889c66a2877dc Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Mon, 20 Apr 2020 20:29:31 +0300
+Subject: [PATCH 3/4] Include stdbool.h to allow C99 bool to be used
+
+We have practically started requiring some C99 features, so might as
+well finally go ahead and bring in the C99 bool as well.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
+
+Backport of commit 99cf89555313 ("Include stdbool.h to allow C99 bool
+to be used") to hostapd v2.9.
+---
+ src/utils/includes.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/utils/includes.h b/src/utils/includes.h
+index 75513fc8c..741fc9c14 100644
+--- a/src/utils/includes.h
++++ b/src/utils/includes.h
+@@ -18,6 +18,7 @@
+ 
+ #include <stdlib.h>
+ #include <stddef.h>
++#include <stdbool.h>
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <string.h>
+-- 
+2.31.1
+
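Review bot: The Subject line of the embedded 0003 patch still carries the series prefix "[PATCH 3/4]", which becomes stale as soon as a patch is added to or dropped from package/hostapd. Regenerate it without numbering (git format-patch -N) so the Subject reads "[PATCH] Include stdbool.h to allow C99 bool to be used"; the same applies to the "[PATCH 4/4]" Subject in the 0004 patch.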
diff --git a/package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch b/package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch
new file mode 100644
index 0000000000..62e77e28ae
--- /dev/null
+++ b/package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch
@@ -0,0 +1,34 @@
+From 93179bfeed9282c5a17fc62f6cafaf9d95f91f3f Mon Sep 17 00:00:00 2001
+From: Sergey Matyukevich <geomatsi@gmail.com>
+Date: Thu, 20 May 2021 08:29:55 +0300
+Subject: [PATCH 4/4] ASN.1: add asn1_is_null helper
+
+Partially backport commit 9a990e8c4eb9 ("ASN.1: Add helper functions for
+recognizing tag values") to hostapd v2.9: add ASN.1 helper required to
+backport CVE-2021-30004 fix.
+
+Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
+---
+ src/tls/asn1.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/tls/asn1.h b/src/tls/asn1.h
+index 6bd7df565..77b94ef34 100644
+--- a/src/tls/asn1.h
++++ b/src/tls/asn1.h
+@@ -66,6 +66,12 @@ void asn1_oid_to_str(const struct asn1_oid *oid, char *buf, size_t len);
+ unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
+ int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
+ 
++static inline bool asn1_is_null(const struct asn1_hdr *hdr)
++{
++	return hdr->class == ASN1_CLASS_UNIVERSAL &&
++		hdr->tag == ASN1_TAG_NULL;
++}
++
+ extern struct asn1_oid asn1_sha1_oid;
+ extern struct asn1_oid asn1_sha256_oid;
+ 
+-- 
+2.31.1
+
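Review bot: asn1_is_null() in src/tls/asn1.h returns bool, but the hunk adds no include to asn1.h, so the header only compiles where src/utils/includes.h (which gains <stdbool.h> in the 0003 patch) has been included first. State the dependency on 0003 in this commit message so the two backports are not split or reordered later, or the build failure this series fixes will come back.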
-- 
2.31.1


* [Buildroot] [PATCH v2 1/1] package/hostapd: fix build with CVE-2021-30004 changes
  2021-05-20  5:48 [Buildroot] [PATCH v2 1/1] package/hostapd: fix build with CVE-2021-30004 changes Sergey Matyukevich
@ 2021-05-20  9:15 ` Yann E. MORIN
  2021-05-20 13:45   ` Sergey Matyukevich
  2021-05-23 18:28   ` Peter Korsgaard
  0 siblings, 2 replies; 4+ messages in thread
From: Yann E. MORIN @ 2021-05-20  9:15 UTC (permalink / raw)
  To: buildroot

Sergey, All,

On 2021-05-20 08:48 +0300, Sergey Matyukevich spake thusly:
> Commit d65586f45a22 ("package/hostapd: add upstream patch to fix
> CVE-2021-30004") added security patch from hostapd upstream without
> required ASN.1 helpers. Backport and adapt two commits from the
> hostapd upstream to add missing headers and helpers.
> 
> Fixes:
> http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/
> 
> Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>

Applied to master, thanks.

I've slightly adapted the commits, as we do not want the numbering in
the patches, and I took the opportunity to slightly update the
backports.

While at it, I noticed that wpa_supplicant is also impacted by
CVE-2021-30004, and we have backported a few patches too:

    a8fbe67b9b16 package/wpa_supplicant: add upstream patch to fix CVE-2021-30004

And those patches also contain references to asn1_is_null(). I could not
find any autobuilder issue about that, though... Could you check if we
also need to carry similar patches for wpa_supplicant, please?

Thanks! :-)

Regards,
Yann E. MORIN.

> ---
>  ...dbool.h-to-allow-C99-bool-to-be-used.patch | 32 +++++++++++++++++
>  .../0004-ASN.1-add-asn1_is_null-helper.patch  | 34 +++++++++++++++++++
>  2 files changed, 66 insertions(+)
>  create mode 100644 package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch
>  create mode 100644 package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch
> 
> diff --git a/package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch b/package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch
> new file mode 100644
> index 0000000000..74bd85f2af
> --- /dev/null
> +++ b/package/hostapd/0003-Include-stdbool.h-to-allow-C99-bool-to-be-used.patch
> @@ -0,0 +1,32 @@
> +From b2feaf8fc6f3b1bed6c17cb1871889c66a2877dc Mon Sep 17 00:00:00 2001
> +From: Jouni Malinen <jouni@codeaurora.org>
> +Date: Mon, 20 Apr 2020 20:29:31 +0300
> +Subject: [PATCH 3/4] Include stdbool.h to allow C99 bool to be used
> +
> +We have practically started requiring some C99 features, so might as
> +well finally go ahead and bring in the C99 bool as well.
> +
> +Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
> +Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
> +
> +Backport of commit 99cf89555313 ("Include stdbool.h to allow C99 bool
> +to be used") to hostapd v2.9.
> +---
> + src/utils/includes.h | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/src/utils/includes.h b/src/utils/includes.h
> +index 75513fc8c..741fc9c14 100644
> +--- a/src/utils/includes.h
> ++++ b/src/utils/includes.h
> +@@ -18,6 +18,7 @@
> + 
> + #include <stdlib.h>
> + #include <stddef.h>
> ++#include <stdbool.h>
> + #include <stdio.h>
> + #include <stdarg.h>
> + #include <string.h>
> +-- 
> +2.31.1
> +
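Review bot: In the embedded commit message the provenance paragraph ("Backport of commit 99cf89555313 ...") comes after the two Signed-off-by lines, so the sign-offs are no longer the trailing block of the message. Move the backport note above the Signed-off-by lines so the trailers stay last, directly before the "---" separator.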
> diff --git a/package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch b/package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch
> new file mode 100644
> index 0000000000..62e77e28ae
> --- /dev/null
> +++ b/package/hostapd/0004-ASN.1-add-asn1_is_null-helper.patch
> @@ -0,0 +1,34 @@
> +From 93179bfeed9282c5a17fc62f6cafaf9d95f91f3f Mon Sep 17 00:00:00 2001
> +From: Sergey Matyukevich <geomatsi@gmail.com>
> +Date: Thu, 20 May 2021 08:29:55 +0300
> +Subject: [PATCH 4/4] ASN.1: add asn1_is_null helper
> +
> +Partially backport commit 9a990e8c4eb9 ("ASN.1: Add helper functions for
> +recognizing tag values") to hostapd v2.9: add ASN.1 helper required to
> +backport CVE-2021-30004 fix.
> +
> +Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
> +---
> + src/tls/asn1.h | 6 ++++++
> + 1 file changed, 6 insertions(+)
> +
> +diff --git a/src/tls/asn1.h b/src/tls/asn1.h
> +index 6bd7df565..77b94ef34 100644
> +--- a/src/tls/asn1.h
> ++++ b/src/tls/asn1.h
> +@@ -66,6 +66,12 @@ void asn1_oid_to_str(const struct asn1_oid *oid, char *buf, size_t len);
> + unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
> + int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
> + 
> ++static inline bool asn1_is_null(const struct asn1_hdr *hdr)
> ++{
> ++	return hdr->class == ASN1_CLASS_UNIVERSAL &&
> ++		hdr->tag == ASN1_TAG_NULL;
> ++}
> ++
> + extern struct asn1_oid asn1_sha1_oid;
> + extern struct asn1_oid asn1_sha256_oid;
> + 
> +-- 
> +2.31.1
> +
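Review bot: The From: line of the embedded 0004 patch names the backporter as author, although the message says the helper is taken from upstream commit 9a990e8c4eb9. Keep the upstream author in From: and describe the adaptation (only asn1_is_null() is carried over) in a short note above the backporter's Signed-off-by, as the 0003 patch does for its upstream commit.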
> -- 
> 2.31.1

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


* [Buildroot] [PATCH v2 1/1] package/hostapd: fix build with CVE-2021-30004 changes
  2021-05-20  9:15 ` Yann E. MORIN
@ 2021-05-20 13:45   ` Sergey Matyukevich
  2021-05-23 18:28   ` Peter Korsgaard
  1 sibling, 0 replies; 4+ messages in thread
From: Sergey Matyukevich @ 2021-05-20 13:45 UTC (permalink / raw)
  To: buildroot

Hello Yann,

> > Commit d65586f45a22 ("package/hostapd: add upstream patch to fix
> > CVE-2021-30004") added security patch from hostapd upstream without
> > required ASN.1 helpers. Backport and adapt two commits from the
> > hostapd upstream to add missing headers and helpers.
> > 
> > Fixes:
> > http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/
> > 
> > Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
> 
> Applied to master, thanks.
> 
> I've slightly adapted the commits, as we do not want the numbering in
> the patches, and I took the opportunity to slightly update the
> backports.
> 
> While at it, I noticed that wpa_supplicant is also impacted by
> CVE-2021-30004, and we have backported a few patches too:
> 
>     a8fbe67b9b16 package/wpa_supplicant: add upstream patch to fix CVE-2021-30004
> 
> And those patches also contain references to asn1_is_null(). I could not
> find any autobuilder issue about that, though... Could you check if we
> also need to carry similar patches for wpa_supplicant, please?

Yes, wpa_supplicant also fails in a similar configuration.
I will check the same fix and send a patch.

Regards,
Sergey


* [Buildroot] [PATCH v2 1/1] package/hostapd: fix build with CVE-2021-30004 changes
  2021-05-20  9:15 ` Yann E. MORIN
  2021-05-20 13:45   ` Sergey Matyukevich
@ 2021-05-23 18:28   ` Peter Korsgaard
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2021-05-23 18:28 UTC (permalink / raw)
  To: buildroot

>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 > Sergey, All,
 > On 2021-05-20 08:48 +0300, Sergey Matyukevich spake thusly:
 >> Commit d65586f45a22 ("package/hostapd: add upstream patch to fix
 >> CVE-2021-30004") added security patch from hostapd upstream without
 >> required ASN.1 helpers. Backport and adapt two commits from the
 >> hostapd upstream to add missing headers and helpers.
 >> 
 >> Fixes:
 >> http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/
 >> 
 >> Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>

 > Applied to master, thanks.

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard
