From 1a9f3b185183314687b0a84215fde139a3317f0d Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Tue, 2 Jul 2019 12:17:02 +0100
Subject: [PATCH 1/2] Problem: application metadata not parsed correctly when
 using CURVE

Solution: create buffers large enough to contain arbitrary metadata
---
 src/curve_server.cpp | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/curve_server.cpp b/src/curve_server.cpp
index cfdd89d9..30b1cd1c 100644
--- a/src/curve_server.cpp
+++ b/src/curve_server.cpp
@@ -440,8 +440,12 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     const size_t clen = (msg_->size () - 113) + crypto_box_BOXZEROBYTES;
 
     uint8_t initiate_nonce [crypto_box_NONCEBYTES];
-    uint8_t initiate_plaintext [crypto_box_ZEROBYTES + 128 + 256];
-    uint8_t initiate_box [crypto_box_BOXZEROBYTES + 144 + 256];
+    uint8_t *initiate_plaintext =
+      static_cast<uint8_t *> (malloc (crypto_box_ZEROBYTES + clen));
+    alloc_assert (initiate_plaintext);
+    uint8_t *initiate_box =
+      static_cast<uint8_t *> (malloc (crypto_box_BOXZEROBYTES + clen));
+    alloc_assert (initiate_box);
 
     //  Open Box [C + vouch + metadata](C'->S')
     memset (initiate_box, 0, crypto_box_BOXZEROBYTES);
@@ -452,17 +456,18 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     memcpy (initiate_nonce + 16, initiate + 105, 8);
     cn_peer_nonce = get_uint64(initiate + 105);
 
+    const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
+
     rc = crypto_box_open (initiate_plaintext, initiate_box,
                           clen, initiate_nonce, cn_client, cn_secret);
     if (rc != 0) {
         //  Temporary support for security debugging
         puts ("CURVE I: cannot open client INITIATE");
         errno = EPROTO;
-        return -1;
+        rc = -1;
+        goto exit;
     }
 
-    const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
-
     uint8_t vouch_nonce [crypto_box_NONCEBYTES];
     uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 64];
     uint8_t vouch_box [crypto_box_BOXZEROBYTES + 80];
@@ -483,7 +488,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
         //  Temporary support for security debugging
         puts ("CURVE I: cannot open client INITIATE vouch");
         errno = EPROTO;
-        return -1;
+        rc = -1;
+        goto exit;
     }
 
     //  What we decrypted must be the client's short-term public key
@@ -491,7 +497,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
         //  Temporary support for security debugging
         puts ("CURVE I: invalid handshake from client (public key)");
         errno = EPROTO;
-        return -1;
+        rc = -1;
+        goto exit;
     }
 
     //  Precompute connection secret from client key
@@ -510,14 +517,21 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
         else
         if (errno == EAGAIN)
             state = expect_zap_reply;
-        else
-            return -1;
+        else {
+            rc = -1;
+            goto exit;
+        }
     }
     else
         state = send_ready;
 
-    return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
+    rc = parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
                            clen - crypto_box_ZEROBYTES - 128);
+
+exit:
+    free (initiate_plaintext);
+    free (initiate_box);
+    return rc;
 }
 
 int zmq::curve_server_t::produce_ready (msg_t *msg_)

From 4f4c4d55985e5ab54c1461fd857403337f133034 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Tue, 2 Jul 2019 12:53:04 +0100
Subject: [PATCH 2/2] Problem: latest fixes missing from NEWS

Solution: add them
---
 NEWS | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/NEWS b/NEWS
index 81bd9e33..e8e11f8f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,13 +1,30 @@
 0MQ version 4.1.7 stable, released on 20xx/xx/xx
 ================================================
 
+* CVE-2019-13132: a remote, unauthenticated client connecting to a
+  libzmq application, running with a socket listening with CURVE
+  encryption/authentication enabled, may cause a stack overflow and
+  overwrite the stack with arbitrary data, due to a buffer overflow in
+  the library. Users running public servers with the above configuration
+  are highly encouraged to upgrade as soon as possible, as there are no
+  known mitigations. All versions from 4.0.0 and upwards are affected.
+
 * Fixed #2254 - zmq 4.1.6 cannot pub msg to a zmq 2.x
 
 * Fixed #2623 - ZMQ_ROUTER: with ZMQ_ROUTER_MANDATORY, ZMQ_POLLOUT will now
                 now return true only if at least one pipe is ready for writing
 
+* Fixed #159 - off-by-one error leaves ZMQ_STREAM unusable
+
+* Fixed #163 - Fix divide by zero, in case of race condition, with ZMQ_PUSH
+
 * Fixed #164 - EHOSTDOWN socket error assertion
 
+* Fixed #165 - inproc pub/sub does not work when sub connects/binds before pub
+               does
+
+* Fix parsing application metadata when using CURVE
+
 
 0MQ version 4.1.6 stable, released on 2016/11/01
 ================================================