From 62fa43ee4e574cc5d029137fd94c4c18b388f350 Mon Sep 17 00:00:00 2001 From: Diggory Hardy Date: Sun, 14 Feb 2021 09:57:03 +0000 Subject: [PATCH 1/5] Create RUSTSEC-0000-0000 --- crates/rand_core/RUSTSEC-0000-0000 | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 crates/rand_core/RUSTSEC-0000-0000 diff --git a/crates/rand_core/RUSTSEC-0000-0000 b/crates/rand_core/RUSTSEC-0000-0000 new file mode 100644 index 000000000..bc707e145 --- /dev/null +++ b/crates/rand_core/RUSTSEC-0000-0000 @@ -0,0 +1,16 @@ +[advisory] +id = "RUSTSEC-0000-0000" +package = "rand_core" +date = "2021-02-12" +url = "https://github.com/rust-random/rand/pull/1096" +categories = ["crypto-failure"] +keywords = [] + +# Optional: metadata which narrows the scope of what this advisory affects +[affected] +functions = { "rand_core::le::read_u32_into" = ["< 0.6.2, >= 0.6.0"] } +functions = { "rand_core::le::read_u64_into" = ["< 0.6.2, >= 0.6.0"] } + +[versions] +patched = [">= 0.6.2"] +unaffected = ["< 0.6.0"] From febea6251c0bd21aebbb7cc1e9c0bef190a8269f Mon Sep 17 00:00:00 2001 From: Diggory Hardy Date: Mon, 15 Feb 2021 10:03:47 +0000 Subject: [PATCH 2/5] Rename RUSTSEC-0000-0000 to RUSTSEC-0000-0000.md --- crates/rand_core/{RUSTSEC-0000-0000 => RUSTSEC-0000-0000.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename crates/rand_core/{RUSTSEC-0000-0000 => RUSTSEC-0000-0000.md} (100%) diff --git a/crates/rand_core/RUSTSEC-0000-0000 b/crates/rand_core/RUSTSEC-0000-0000.md similarity index 100% rename from crates/rand_core/RUSTSEC-0000-0000 rename to crates/rand_core/RUSTSEC-0000-0000.md From 0e918c38ff073363ce42405d485ae8e75f423b2f Mon Sep 17 00:00:00 2001 From: Diggory Hardy Date: Mon, 15 Feb 2021 15:11:24 +0000 Subject: [PATCH 3/5] Add TOML deliminators and comment Co-authored-by: Tony Arcieri --- crates/rand_core/RUSTSEC-0000-0000.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/crates/rand_core/RUSTSEC-0000-0000.md b/crates/rand_core/RUSTSEC-0000-0000.md index bc707e145..77912c6e5 100644 --- a/crates/rand_core/RUSTSEC-0000-0000.md +++ b/crates/rand_core/RUSTSEC-0000-0000.md @@ -1,3 +1,4 @@ +```toml [advisory] id = "RUSTSEC-0000-0000" package = "rand_core" @@ -14,3 +15,10 @@ functions = { "rand_core::le::read_u64_into" = ["< 0.6.2, >= 0.6.0"] } [versions] patched = [">= 0.6.2"] unaffected = ["< 0.6.0"] +\`\`\` + +# Incorrect check on buffer length when seeding RNGs + +Summary: rand_core::le::read_u32_into and read_u64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled. + +Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding using the SeedableRng::from_seed trait-function with too short keys. From 59852827b18e61aef5a2a0862a086c71257bb151 Mon Sep 17 00:00:00 2001 From: Diggory Hardy Date: Mon, 15 Feb 2021 15:12:21 +0000 Subject: [PATCH 4/5] Correct TOML closing deliminator --- crates/rand_core/RUSTSEC-0000-0000.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/rand_core/RUSTSEC-0000-0000.md b/crates/rand_core/RUSTSEC-0000-0000.md index 77912c6e5..9bf3d20cc 100644 --- a/crates/rand_core/RUSTSEC-0000-0000.md +++ b/crates/rand_core/RUSTSEC-0000-0000.md @@ -15,7 +15,7 @@ functions = { "rand_core::le::read_u64_into" = ["< 0.6.2, >= 0.6.0"] } [versions] patched = [">= 0.6.2"] unaffected = ["< 0.6.0"] -\`\`\` +``` # Incorrect check on buffer length when seeding RNGs From 2117761274d4070918e00cd11084758f58da65e1 Mon Sep 17 00:00:00 2001 From: Diggory Hardy Date: Mon, 15 Feb 2021 15:16:37 +0000 Subject: [PATCH 5/5] Merge functions key entries --- crates/rand_core/RUSTSEC-0000-0000.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crates/rand_core/RUSTSEC-0000-0000.md b/crates/rand_core/RUSTSEC-0000-0000.md index 9bf3d20cc..61a3a3675 100644 --- a/crates/rand_core/RUSTSEC-0000-0000.md +++ b/crates/rand_core/RUSTSEC-0000-0000.md @@ -8,9 +8,9 @@ categories = ["crypto-failure"] keywords = [] # Optional: metadata which narrows the scope of what this advisory affects -[affected] -functions = { "rand_core::le::read_u32_into" = ["< 0.6.2, >= 0.6.0"] } -functions = { "rand_core::le::read_u64_into" = ["< 0.6.2, >= 0.6.0"] } +[affected.functions] +"rand_core::le::read_u32_into" = ["< 0.6.2, >= 0.6.0"] +"rand_core::le::read_u64_into" = ["< 0.6.2, >= 0.6.0"] [versions] patched = [">= 0.6.2"]