From 2b0d9ffdbd2c0d8852f9c93164d3139a64e161db Mon Sep 17 00:00:00 2001 From: mgb01105731 Date: Mon, 21 Apr 2025 23:43:01 -0400 Subject: [PATCH] Fix CVE-2023-33201 --- 0002-CVE-2023-33201.patch | 83 +++++++++++++++++++++++++++++++++++++++ bouncycastle.spec | 9 ++++- 2 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 0002-CVE-2023-33201.patch diff --git a/0002-CVE-2023-33201.patch b/0002-CVE-2023-33201.patch new file mode 100644 index 0000000..f622dc8 --- /dev/null +++ b/0002-CVE-2023-33201.patch @@ -0,0 +1,83 @@ +From e8c409a8389c815ea3fda5e8b94c92fdfe583bcc Mon Sep 17 00:00:00 2001 +From: royb +Date: Tue, 25 Apr 2023 23:11:52 -0400 +Subject: [PATCH] added filter encode to search + +--- + .../jce/provider/X509LDAPCertStoreSpi.java | 56 ++++++++++++++++++- + 1 file changed, 55 insertions(+), 1 deletion(-) + +diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java +index 874444267d..ba1ac24529 100644 +--- a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java ++++ b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java +@@ -375,6 +375,59 @@ public Collection engineGetCRLs(CRLSelector selector) + + return crlSet; + } ++ private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1]; ++ ++ ++ static { ++ ++ // Filter encoding table ------------------------------------- ++ ++ // fill with char itself ++ for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) { ++ FILTER_ESCAPE_TABLE[c] = String.valueOf(c); ++ } ++ ++ // escapes (RFC2254) ++ FILTER_ESCAPE_TABLE['*'] = "\\2a"; ++ FILTER_ESCAPE_TABLE['('] = "\\28"; ++ FILTER_ESCAPE_TABLE[')'] = "\\29"; ++ FILTER_ESCAPE_TABLE['\\'] = "\\5c"; ++ FILTER_ESCAPE_TABLE[0] = "\\00"; ++ ++ } ++ ++ /** ++ * Escape a value for use in a filter. ++ * @param value the value to escape. ++ * @return a properly escaped representation of the supplied value. ++ */ ++ private String filterEncode(String value) ++ { ++ if (value == null) ++ { ++ return null; ++ } ++ ++ // make buffer roomy ++ StringBuilder encodedValue = new StringBuilder(value.length() * 2); ++ ++ int length = value.length(); ++ ++ for (int i = 0; i < length; i++) { ++ ++ char c = value.charAt(i); ++ ++ if (c < FILTER_ESCAPE_TABLE.length) { ++ encodedValue.append(FILTER_ESCAPE_TABLE[c]); ++ } ++ else { ++ // default: add the char ++ encodedValue.append(c); ++ } ++ } ++ ++ return encodedValue.toString(); ++ } + + /** + * Returns a Set of byte arrays with the certificate or CRL encodings. +@@ -388,7 +441,8 @@ public Collection engineGetCRLs(CRLSelector selector) + private Set search(String attributeName, String attributeValue, + String[] attrs) throws CertStoreException + { +- String filter = attributeName + "=" + attributeValue; ++ String filter = attributeName + "=" + filterEncode(attributeValue); ++ System.out.println(filter); + if (attributeName == null) + { + filter = null; diff --git a/bouncycastle.spec b/bouncycastle.spec index 1361381..10f96d5 100644 --- a/bouncycastle.spec +++ b/bouncycastle.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 %global gittag r1rv70 %global classname org.bouncycastle.jce.provider.BouncyCastleProvider @@ -25,6 +25,7 @@ Source7: get-poms.sh # Backport fix for regression in bouncycastle 1.70 Patch0: 0001-added-back-support-for-subject-key-identifier-check-.patch +Patch1: 0002-CVE-2023-33201.patch BuildArch: noarch ExclusiveArch: %{java_arches} noarch @@ -94,7 +95,8 @@ API documentation for the Bouncy Castle Cryptography APIs. %prep %setup -q -n bc-java-%{gittag} -%patch0 -p1 +%patch 0 -p1 +%patch 1 -p1 # Remove bundled binary libs find . -type f -name "*.class" -exec rm -f {} \; @@ -220,6 +222,9 @@ fi %license LICENSE.html %changelog +* Tue Apr 22 2025 wh02252983 - 1.70-3 +- Fix CVE-2023-33201 + * Wed Dec 27 2023 mgb01105731 - 1.70-2 - rebuild -- Gitee