upstream/oracle/userland-gate: components/gnutls/patches/08-cve-2014-3466.patch@29a9d33b67fa (annotated)

4068 29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	1	Source:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	2	http://www.gnutls.org/security.html
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	3	Info:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	4	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	5	Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	6	GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	7	servers to cause a denial of service (memory corruption) or possibly execute
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	8	arbitrary code via a long session id in a ServerHello message.
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	9	Status:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	10	Need to determine if this patch has been sent upstream.
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	11
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	12	--- gnutls-2.8.6/lib/gnutls_handshake.c.orig 2014-06-05 10:04:17.494148857 +0530
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	13	+++ gnutls-2.8.6/lib/gnutls_handshake.c 2014-06-05 10:05:44.462058226 +0530
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	14	@@ -1518,7 +1518,7 @@ _gnutls_read_server_hello (gnutls_sessio
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	15	DECR_LEN (len, 1);
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	16	session_id_len = data[pos++];
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	17
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	18	- if (len < session_id_len)
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	19	+ if (len < session_id_len \|\| session_id_len > TLS_MAX_SESSION_ID_SIZE)
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	20	{
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	21	gnutls_assert ();
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	22	return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;

author	Ann Lai <ann.lai@oracle.com>
	Wed, 08 Apr 2015 10:31:09 -0700
changeset 4068	29a9d33b67fa
permissions	-rw-r--r--