author | Jesse Butler <jesse.butler@oracle.com> |
Fri, 29 Jul 2016 11:50:34 -0700 | |
changeset 6527 | 106e3067f7cc |
parent 4068 | 29a9d33b67fa |
permissions | -rw-r--r-- |
4068
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
1 |
Source: |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
2 |
http://www.gnutls.org/security.html |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
3 |
Info: |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
4 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466 |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
5 |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
6 |
GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
7 |
servers to cause a denial of service (memory corruption) or possibly execute |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
8 |
arbitrary code via a long session id in a ServerHello message. |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
9 |
Status: |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
10 |
Need to determine if this patch has been sent upstream. |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
11 |
|
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
12 |
--- gnutls-2.8.6/lib/gnutls_handshake.c.orig 2014-06-05 10:04:17.494148857 +0530 |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
13 |
+++ gnutls-2.8.6/lib/gnutls_handshake.c 2014-06-05 10:05:44.462058226 +0530 |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
14 |
@@ -1518,7 +1518,7 @@ _gnutls_read_server_hello (gnutls_sessio |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
15 |
DECR_LEN (len, 1); |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
16 |
session_id_len = data[pos++]; |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
17 |
|
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
18 |
- if (len < session_id_len) |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
19 |
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
20 |
{ |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
21 |
gnutls_assert (); |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
22 |
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; |