fix cve CVE-2023-33201

2023-06-26 16:56:37 +08:00 · 2023-06-26 16:56:37 +08:00 · d85f4754d4
commit d85f4754d4
parent 794778ebed
2 changed files with 166 additions and 1 deletions
--- a/0001-CVE-2023-33201-added-filter-encode-to-search.patch
+++ b/0001-CVE-2023-33201-added-filter-encode-to-search.patch
@ -0,0 +1,161 @@
 From e8c409a8389c815ea3fda5e8b94c92fdfe583bcc Mon Sep 17 00:00:00 2001
 From: royb <roy.basmacier@primekey.com>
 Date: Tue, 25 Apr 2023 23:11:52 -0400
 Subject: [PATCH] added filter encode to search
 ---
 .../jce/provider/X509LDAPCertStoreSpi.java    | 89 +++++++++++++++----
 1 file changed, 73 insertions(+), 16 deletions(-)
 diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
 index f526994..d9a2090 100644
 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
 +++ b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
@@ -50,21 +50,22 @@
 public class X509LDAPCertStoreSpi
     extends CertStoreSpi
 {
 -    private X509LDAPCertStoreParameters params;
 -
 -    public X509LDAPCertStoreSpi(CertStoreParameters params)
 -        throws InvalidAlgorithmParameterException
 +    private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
 +    static        
     {
 -        super(params);
 -
 -        if (!(params instanceof X509LDAPCertStoreParameters))
 +        // Filter encoding table -------------------------------------
 +        // fill with char itself
 +        for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++)
         {
 -            throw new InvalidAlgorithmParameterException(
 -                X509LDAPCertStoreSpi.class.getName() + ": parameter must be a " + X509LDAPCertStoreParameters.class.getName() + " object\n"
 -                    + params.toString());
 +            FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
         }
 -        this.params = (X509LDAPCertStoreParameters)params;
 +        // escapes (RFC2254)
 +        FILTER_ESCAPE_TABLE['*'] = "\\2a";
 +        FILTER_ESCAPE_TABLE['('] = "\\28";
 +        FILTER_ESCAPE_TABLE[')'] = "\\29";
 +        FILTER_ESCAPE_TABLE['\\'] = "\\5c";
 +        FILTER_ESCAPE_TABLE[0] = "\\00";
     }
     /**
@@ -86,8 +87,26 @@ public X509LDAPCertStoreSpi(CertStoreParameters params)
      * Package Prefix for loading URL context factories.
      */
     private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url";
 +    private X509LDAPCertStoreParameters params;
 +
 +    public X509LDAPCertStoreSpi(CertStoreParameters params)
 +        throws InvalidAlgorithmParameterException
 +    {
 +        super(params);
 +
 +        if (!(params instanceof X509LDAPCertStoreParameters))
 +        {
 +            throw new InvalidAlgorithmParameterException(
 +                X509LDAPCertStoreSpi.class.getName() + ": parameter must be a " + X509LDAPCertStoreParameters.class.getName() + " object\n"
 +                    + params.toString());
 +        }
 -    private DirContext connectLDAP() throws NamingException
 +        this.params = (X509LDAPCertStoreParameters)params;
 +    }
 +
 +
 +    private DirContext connectLDAP() 
 +        throws NamingException
     {
         Properties props = new Properties();
         props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER);
@@ -137,7 +156,7 @@ private String parseDN(String subject, String subjectAttributeName)
         {
             temp = temp.substring(0, temp.length() - 1);
         }
 -        return temp;
 +        return filterEncode(temp);
     }
     public Collection engineGetCertificates(CertSelector selector)
@@ -195,7 +214,7 @@ public Collection engineGetCertificates(CertSelector selector)
                 {
                 }
 -                for (Iterator it2 = bytesList.iterator(); it2.hasNext();)
 +                for (Iterator it2 = bytesList.iterator(); it2.hasNext(); )
                 {
                     ByteArrayInputStream bIn = new ByteArrayInputStream(
                         (byte[])it2.next());
@@ -346,7 +365,7 @@ public Collection engineGetCRLs(CRLSelector selector)
         if (xselector.getIssuerNames() != null)
         {
             for (Iterator it = xselector.getIssuerNames().iterator(); it
 -                .hasNext();)
 +                .hasNext(); )
             {
                 Object o = it.next();
                 String attrValue = null;
@@ -396,6 +415,42 @@ public Collection engineGetCRLs(CRLSelector selector)
         return crlSet;
     }
 +     /**
 +     * Escape a value for use in a filter.
 +     *
 +     * @param value the value to escape.
 +     * @return a properly escaped representation of the supplied value.
 +     */
 +    private String filterEncode(String value)
 +    {
 +        if (value == null)
 +        {
 +            return null;
 +        }
 +
 +        // make buffer roomy
 +        StringBuilder encodedValue = new StringBuilder(value.length() * 2);
 +
 +        int length = value.length();
 +
 +        for (int i = 0; i < length; i++)
 +        {
 +            char c = value.charAt(i);
 +
 +            if (c < FILTER_ESCAPE_TABLE.length)
 +            {
 +                encodedValue.append(FILTER_ESCAPE_TABLE[c]);
 +            }
 +            else
 +            {
 +                // default: add the char
 +                encodedValue.append(c);
 +            }
 +        }
 +
 +        return encodedValue.toString();
 +    }
 +
     /**
      * Returns a Set of byte arrays with the certificate or CRL encodings.
      *
@@ -406,9 +461,11 @@ public Collection engineGetCRLs(CRLSelector selector)
      * @return Set of byte arrays with the certificate encodings.
      */
     private Set search(String attributeName, String attributeValue,
 -                       String[] attrs) throws CertStoreException
 +                       String[] attrs) 
 +        throws CertStoreException
     {
         String filter = attributeName + "=" + attributeValue;
 +//      System.out.println(filter);
         if (attributeName == null)
         {
             filter = null;
 -- 
 2.39.2
--- a/bouncycastle.spec
+++ b/bouncycastle.spec
@ -6,7 +6,7 @@
 Name:             bouncycastle
 Version:          1.67
-Release:          1
+Release:          2 
 Summary:          A Java implementation of cryptographic algorithms
 License:          MIT
 URL:              http://www.bouncycastle.org
@ -16,6 +16,7 @@ Source2:          https://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/%
 Source3:          https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/%{version}/bcpkix-jdk15on-%{version}.pom
 Source4:          https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/%{version}/bcprov-jdk15on-%{version}.pom
 Source5:          https://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk15on/%{version}/bctls-jdk15on-%{version}.pom
 Patch001:	  0001-CVE-2023-33201-added-filter-encode-to-search.patch
 BuildRequires:    ant ant-junit aqute-bnd javamail javapackages-local
 BuildRequires:    jakarta-activation
 Requires(post):   javapackages-tools
@ -146,6 +147,9 @@ fi
 %{java_sec_dir}/2000-%{class_name}
 %changelog
 * Sun Jun 25 2023 licihua <licihua@huawei.com> - 1.67-2
 - fix cve CVE-2023-33201
 * Fri Nov 25 2022 wangkai <wangkai385@h-partners.com> - 1.67-1
 - Update to 1.67