diff mbox series

[meta-oe,scarthgap,38/38] botan: patch CVE-2024-34703

Message ID 20251113061914.3756301-38-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-oe,scarthgap,01/38] evtest: upgrade 1.35 -> 1.36 | expand

Commit Message

Ankur Tyagi Nov. 13, 2025, 6:19 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2024-34703

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../botan/botan/CVE-2024-34703.patch          | 38 +++++++++++++++++++
 meta-oe/recipes-crypto/botan/botan_3.2.0.bb   |  4 +-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch b/meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch
new file mode 100644
index 0000000000..e3fadc4818
--- /dev/null
+++ b/meta-oe/recipes-crypto/botan/botan/CVE-2024-34703.patch
@@ -0,0 +1,38 @@ 
+From 59d92780f79c73d735c71620adef40bb13a87ce2 Mon Sep 17 00:00:00 2001
+From: Jack Lloyd <jack@randombit.net>
+Date: Tue, 20 Feb 2024 06:30:10 -0500
+Subject: [PATCH] When decoding an arbitrary elliptic curve, set an upper bound
+ on length
+
+Otherwise it's trivial to send a very large prime, which can take a
+significant amount of computation to check.
+
+Reported by Bing Shi
+
+CVE: CVE-2024-34703
+Upstream-Status: Backport [https://github.com/randombit/botan/pull/3913/commits/fbe9ec578a8548958677224d2e60d2c2c838bc9a]
+(cherry picked from commit fbe9ec578a8548958677224d2e60d2c2c838bc9a)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/lib/pubkey/ec_group/ec_group.cpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
+index eb4ed90e2..beaeedd51 100644
+--- a/src/lib/pubkey/ec_group/ec_group.cpp
++++ b/src/lib/pubkey/ec_group/ec_group.cpp
+@@ -357,8 +357,12 @@ std::pair<std::shared_ptr<EC_Group_Data>, bool> EC_Group::BER_decode_EC_group(co
+          .end_cons()
+          .verify_end();
+ 
+-      if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p)) {
+-         throw Decoding_Error("Invalid ECC p parameter");
++      if(p.bits() < 112 || p.bits() > 1024) {
++         throw Decoding_Error("ECC p parameter is invalid size");
++      }
++
++      if(p.is_negative() || !is_bailie_psw_probable_prime(p)) {
++         throw Decoding_Error("ECC p parameter is not a prime");
+       }
+ 
+       if(a.is_negative() || a >= p) {
diff --git a/meta-oe/recipes-crypto/botan/botan_3.2.0.bb b/meta-oe/recipes-crypto/botan/botan_3.2.0.bb
index 1fdda65a05..3c603a9b26 100644
--- a/meta-oe/recipes-crypto/botan/botan_3.2.0.bb
+++ b/meta-oe/recipes-crypto/botan/botan_3.2.0.bb
@@ -4,7 +4,9 @@  LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://license.txt;md5=f5254d3abe90ec5bb82c5694ff751546"
 SECTION = "libs"
 
-SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz"
+SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
+           file://CVE-2024-34703.patch \
+"
 SRC_URI[sha256sum] = "049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3"
 
 S = "${WORKDIR}/Botan-${PV}"