4.3-stable patches

added patches:
	crypto-asymmetric_keys-remove-always-false-comparison.patch
	x.509-fix-the-time-validation.patch

diff --git a/queue-4.3/crypto-asymmetric_keys-remove-always-false-comparison.patch b/queue-4.3/crypto-asymmetric_keys-remove-always-false-comparison.patch
new file mode 100644 (file)
index 0000000..f48857e
--- /dev/null
+++ b/queue-4.3/crypto-asymmetric_keys-remove-always-false-comparison.patch
@@ -0,0 +1,34 @@
+From 4dd17c9c8a30c8d8cd1c9d4b94f08aca4b038d3e Mon Sep 17 00:00:00 2001
+From: sudip <sudipm.mukherjee@gmail.com>
+Date: Thu, 17 Sep 2015 13:12:51 +0530
+Subject: crypto: asymmetric_keys - remove always false comparison
+
+From: sudip <sudipm.mukherjee@gmail.com>
+
+commit 4dd17c9c8a30c8d8cd1c9d4b94f08aca4b038d3e upstream.
+
+hour, min and sec are unsigned int and they can never be less than zero.
+
+Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/asymmetric_keys/x509_cert_parser.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/crypto/asymmetric_keys/x509_cert_parser.c
++++ b/crypto/asymmetric_keys/x509_cert_parser.c
+@@ -546,9 +546,9 @@ int x509_decode_time(time64_t *_t,  size
+       if (year < 1970 ||
+           mon < 1 || mon > 12 ||
+           day < 1 || day > mon_len ||
+-          hour < 0 || hour > 23 ||
+-          min < 0 || min > 59 ||
+-          sec < 0 || sec > 59)
++          hour > 23 ||
++          min > 59 ||
++          sec > 59)
+               goto invalid_time;
+       
+       *_t = mktime64(year, mon, day, hour, min, sec);

diff --git a/queue-4.3/x.509-fix-the-time-validation.patch b/queue-4.3/x.509-fix-the-time-validation.patch
new file mode 100644 (file)
index 0000000..e6677d6
--- /dev/null
+++ b/queue-4.3/x.509-fix-the-time-validation.patch
@@ -0,0 +1,87 @@
+From cc25b994acfbc901429da682d0f73c190e960206 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Thu, 12 Nov 2015 09:36:40 +0000
+Subject: X.509: Fix the time validation [ver #2]
+
+From: David Howells <dhowells@redhat.com>
+
+commit cc25b994acfbc901429da682d0f73c190e960206 upstream.
+
+This fixes CVE-2015-5327.  It affects kernels from 4.3-rc1 onwards.
+
+Fix the X.509 time validation to use month number-1 when looking up the
+number of days in that month.  Also put the month number validation before
+doing the lookup so as not to risk overrunning the array.
+
+This can be tested by doing the following:
+
+cat <<EOF | openssl x509 -outform DER | keyctl padd asymmetric "" @s
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlagAwIBAgIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAMCkxETAPBgNV
+BAoMCGxvY2FsLWNhMRQwEgYDVQQDDAtzaWduaW5nIGtleTAeFw0xNTA5MDEyMTMw
+MThaFw0xNjA4MzEyMTMwMThaMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQwEgYDVQQD
+DAtzaWduaW5nIGtleTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrn
+crcMfMeG67nagX4+m02Xk9rkmsMKI5XTUxbikROe7GSUVJ27sPVPZp4mgzoWlvhh
+jfK8CC/qhEhwep8Pgg4EJZyWOjhZb7R97ckGvLIoUC6IO3FC2ZnR7WtmWDgo2Jcj
+VlXwJdHhKU1VZwulh81O61N8IBKqz2r/kDhIWiicUCUkI/Do/RMRfKAoDBcSh86m
+gOeIAGfq62vbiZhVsX5dOE8Oo2TK5weAvwUIOR7OuGBl5AqwFlPnXQolewiHzKry
+THg9e44HfzG4Mi6wUvcJxVaQT1h5SrKD779Z5+8+wf1JLaooetcEUArvWyuxCU59
+qxA4lsTjBwl4cmEki+cCAwEAAaOBmDCBlTAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
+AwIHgDAdBgNVHQ4EFgQUyND/eKUis7ep/hXMJ8iZMdUhI+IwWQYDVR0jBFIwUIAU
+yND/eKUis7ep/hXMJ8iZMdUhI+KhLaQrMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQw
+EgYDVQQDDAtzaWduaW5nIGtleYIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAA4IB
+AQAMqm1N1yD5pimUELLhT5eO2lRdGUfTozljRxc7e2QT3RLk2TtGhg65JFFN6eml
+XS58AEPVcAsSLDlR6WpOpOLB2giM0+fV/eYFHHmh22yqTJl4YgkdUwyzPdCHNOZL
+hmSKeY9xliHb6PNrNWWtZwhYYvRaO2DX4GXOMR0Oa2O4vaYu6/qGlZOZv3U6qZLY
+wwHEJSrqeBDyMuwN+eANHpoSpiBzD77S4e+7hUDJnql4j6xzJ65+nWJ89fCrQypR
+4sN5R3aGeIh3QAQUIKpHilwek0CtEaYERgc5m+jGyKSc1rezJW62hWRTaitOc+d5
+G5hh+9YpnYcxQHEKnZ7rFNKJ
+-----END CERTIFICATE-----
+EOF
+
+If it works, it emit a key ID; if it fails, it should give a bad message
+error.
+
+Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Acked-by: David Woodhouse <David.Woodhouse@intel.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/asymmetric_keys/x509_cert_parser.c |   12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/crypto/asymmetric_keys/x509_cert_parser.c
++++ b/crypto/asymmetric_keys/x509_cert_parser.c
+@@ -531,7 +531,11 @@ int x509_decode_time(time64_t *_t,  size
+       if (*p != 'Z')
+               goto unsupported_time;
+ 
+-      mon_len = month_lengths[mon];
++      if (year < 1970 ||
++          mon < 1 || mon > 12)
++              goto invalid_time;
++
++      mon_len = month_lengths[mon - 1];
+       if (mon == 2) {
+               if (year % 4 == 0) {
+                       mon_len = 29;
+@@ -543,14 +547,12 @@ int x509_decode_time(time64_t *_t,  size
+               }
+       }
+ 
+-      if (year < 1970 ||
+-          mon < 1 || mon > 12 ||
+-          day < 1 || day > mon_len ||
++      if (day < 1 || day > mon_len ||
+           hour > 23 ||
+           min > 59 ||
+           sec > 59)
+               goto invalid_time;
+-      
++
+       *_t = mktime64(year, mon, day, hour, min, sec);
+       return 0;
+