fix cve CVE-2023-33201

2023-06-26 16:56:37 +08:00 · 2023-06-26 16:56:37 +08:00 · d85f4754d4
commit d85f4754d4
parent 794778ebed
2 changed files with 166 additions and 1 deletions
--- a/0001-CVE-2023-33201-added-filter-encode-to-search.patch
+++ b/0001-CVE-2023-33201-added-filter-encode-to-search.patch
@ -0,0 +1,161 @@
+From e8c409a8389c815ea3fda5e8b94c92fdfe583bcc Mon Sep 17 00:00:00 2001
+From: royb <roy.basmacier@primekey.com>
+Date: Tue, 25 Apr 2023 23:11:52 -0400
+Subject: [PATCH] added filter encode to search
+
+---
+ .../jce/provider/X509LDAPCertStoreSpi.java    | 89 +++++++++++++++----
+ 1 file changed, 73 insertions(+), 16 deletions(-)
+
+diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
+index f526994..d9a2090 100644
+--- a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
+++ b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
+@@ -50,21 +50,22 @@
+ public class X509LDAPCertStoreSpi
+     extends CertStoreSpi
+ {
+-    private X509LDAPCertStoreParameters params;
+-
+-    public X509LDAPCertStoreSpi(CertStoreParameters params)
+-        throws InvalidAlgorithmParameterException
+    private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
+    static        
+     {
+-        super(params);
+-
+-        if (!(params instanceof X509LDAPCertStoreParameters))
+        // Filter encoding table -------------------------------------
+        // fill with char itself
+        for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++)
+         {
+-            throw new InvalidAlgorithmParameterException(
+-                X509LDAPCertStoreSpi.class.getName() + ": parameter must be a " + X509LDAPCertStoreParameters.class.getName() + " object\n"
+-                    + params.toString());
+            FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
+         }
+ 
+-        this.params = (X509LDAPCertStoreParameters)params;
+        // escapes (RFC2254)
+        FILTER_ESCAPE_TABLE['*'] = "\\2a";
+        FILTER_ESCAPE_TABLE['('] = "\\28";
+        FILTER_ESCAPE_TABLE[')'] = "\\29";
+        FILTER_ESCAPE_TABLE['\\'] = "\\5c";
+        FILTER_ESCAPE_TABLE[0] = "\\00";
+     }
+ 
+     /**
+@@ -86,8 +87,26 @@ public X509LDAPCertStoreSpi(CertStoreParameters params)
+      * Package Prefix for loading URL context factories.
+      */
+     private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url";
+    private X509LDAPCertStoreParameters params;
+
+    public X509LDAPCertStoreSpi(CertStoreParameters params)
+        throws InvalidAlgorithmParameterException
+    {
+        super(params);
+
+        if (!(params instanceof X509LDAPCertStoreParameters))
+        {
+            throw new InvalidAlgorithmParameterException(
+                X509LDAPCertStoreSpi.class.getName() + ": parameter must be a " + X509LDAPCertStoreParameters.class.getName() + " object\n"
+                    + params.toString());
+        }
+ 
+-    private DirContext connectLDAP() throws NamingException
+        this.params = (X509LDAPCertStoreParameters)params;
+    }
+
+
+    private DirContext connectLDAP() 
+        throws NamingException
+     {
+         Properties props = new Properties();
+         props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER);
+@@ -137,7 +156,7 @@ private String parseDN(String subject, String subjectAttributeName)
+         {
+             temp = temp.substring(0, temp.length() - 1);
+         }
+-        return temp;
+        return filterEncode(temp);
+     }
+ 
+     public Collection engineGetCertificates(CertSelector selector)
+@@ -195,7 +214,7 @@ public Collection engineGetCertificates(CertSelector selector)
+                 {
+ 
+                 }
+-                for (Iterator it2 = bytesList.iterator(); it2.hasNext();)
+                for (Iterator it2 = bytesList.iterator(); it2.hasNext(); )
+                 {
+                     ByteArrayInputStream bIn = new ByteArrayInputStream(
+                         (byte[])it2.next());
+@@ -346,7 +365,7 @@ public Collection engineGetCRLs(CRLSelector selector)
+         if (xselector.getIssuerNames() != null)
+         {
+             for (Iterator it = xselector.getIssuerNames().iterator(); it
+-                .hasNext();)
+                .hasNext(); )
+             {
+                 Object o = it.next();
+                 String attrValue = null;
+@@ -396,6 +415,42 @@ public Collection engineGetCRLs(CRLSelector selector)
+         return crlSet;
+     }
+ 
+     /**
+     * Escape a value for use in a filter.
+     *
+     * @param value the value to escape.
+     * @return a properly escaped representation of the supplied value.
+     */
+    private String filterEncode(String value)
+    {
+        if (value == null)
+        {
+            return null;
+        }
+
+        // make buffer roomy
+        StringBuilder encodedValue = new StringBuilder(value.length() * 2);
+
+        int length = value.length();
+
+        for (int i = 0; i < length; i++)
+        {
+            char c = value.charAt(i);
+
+            if (c < FILTER_ESCAPE_TABLE.length)
+            {
+                encodedValue.append(FILTER_ESCAPE_TABLE[c]);
+            }
+            else
+            {
+                // default: add the char
+                encodedValue.append(c);
+            }
+        }
+
+        return encodedValue.toString();
+    }
+
+     /**
+      * Returns a Set of byte arrays with the certificate or CRL encodings.
+      *
+@@ -406,9 +461,11 @@ public Collection engineGetCRLs(CRLSelector selector)
+      * @return Set of byte arrays with the certificate encodings.
+      */
+     private Set search(String attributeName, String attributeValue,
+-                       String[] attrs) throws CertStoreException
+                       String[] attrs) 
+        throws CertStoreException
+     {
+         String filter = attributeName + "=" + attributeValue;
+//      System.out.println(filter);
+         if (attributeName == null)
+         {
+             filter = null;
+-- 
+2.39.2
+
--- a/bouncycastle.spec
+++ b/bouncycastle.spec
@ -6,7 +6,7 @@

 Name:             bouncycastle
 Version:          1.67
-Release:          1
+Release:          2 
 Summary:          A Java implementation of cryptographic algorithms
 License:          MIT
 URL:              http://www.bouncycastle.org
@ -16,6 +16,7 @@ Source2:          https://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/%
 Source3:          https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/%{version}/bcpkix-jdk15on-%{version}.pom
 Source4:          https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/%{version}/bcprov-jdk15on-%{version}.pom
 Source5:          https://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk15on/%{version}/bctls-jdk15on-%{version}.pom
+Patch001:	  0001-CVE-2023-33201-added-filter-encode-to-search.patch
 BuildRequires:    ant ant-junit aqute-bnd javamail javapackages-local
 BuildRequires:    jakarta-activation
 Requires(post):   javapackages-tools
@ -146,6 +147,9 @@ fi
 %{java_sec_dir}/2000-%{class_name}

 %changelog
+* Sun Jun 25 2023 licihua <licihua@huawei.com> - 1.67-2
+- fix cve CVE-2023-33201
+
 * Fri Nov 25 2022 wangkai <wangkai385@h-partners.com> - 1.67-1
 - Update to 1.67