Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/gnutls/patches/03-cve-2011-4128.patch
author Ann Lai <ann.lai@oracle.com>
Wed, 08 Apr 2015 10:31:09 -0700
changeset 4068 29a9d33b67fa
permissions -rw-r--r--
20231912 Move GnuTLS from Desktop to Userland consolidation
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
4068
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     1
 
Source:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     2
 
http://www.gnutls.org/security.html
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     3
 
Info:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     4
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     5
 
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     6
 
in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     7
 
that performs nonstandard session resumption, allows remote TLS servers to
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     8
 
cause a denial of service (application crash) via a large SessionTicket.
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
     9
 
Status:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
    10
 
Need to determine if this patch has been sent upstream.
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset 
    11
 












29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    12


--- gnutls-2.8.6/lib/gnutls_session.c.orig	Fri Apr  6 11:19:30 2012













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    13


+++ gnutls-2.8.6/lib/gnutls_session.c	Fri Apr  6 11:19:51 2012













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    14


@@ -64,7 +64,6 @@













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    15


       gnutls_assert ();













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    16


       return ret;













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    17


     }













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    18


-  *session_data_size = psession.size;













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    19


 













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    20


   if (psession.size > *session_data_size)













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    21


     {













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    22


@@ -71,6 +70,7 @@













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    23


       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    24


       goto error;













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    25


     }













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    26


+  *session_data_size = psession.size;













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    27


 













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    28


   if (session_data != NULL)













29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation



Ann Lai <ann.lai@oracle.com>


parents: 

diff
changeset




    29


     memcpy (session_data, psession.data, psession.size);















upstream/oracle/userland-gate