author | Neng Xue <neng.xue@oracle.com> |
Thu, 05 May 2016 17:00:57 -0700 | |
changeset 5932 | 707ac80a571d |
parent 4068 | 29a9d33b67fa |
permissions | -rw-r--r-- |
4068
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
1 |
Source: |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
2 |
http://www.gnutls.org/security.html |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
3 |
Info: |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
4 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465 |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
5 |
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
6 |
3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
7 |
service (NULL pointer dereference) via a crafted X.509 certificate, related to |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
8 |
a missing LDAP description for an OID when printing the DN. |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
9 |
Status: |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
10 |
Need to determine if this patch has been sent upstream. |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
11 |
|
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
12 |
--- gnutls-2.8.6/lib/x509/common.c.orig 2014-06-05 10:06:21.669353689 +0530 |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
13 |
+++ gnutls-2.8.6/lib/x509/common.c 2014-06-05 10:09:33.428829187 +0530 |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
14 |
@@ -160,7 +160,7 @@ _gnutls_x509_oid2ldap_string (const char |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
15 |
|
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
16 |
do |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
17 |
{ |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
18 |
- if (strcmp (_oid2str[i].oid, oid) == 0) |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
19 |
+ if (strcmp (_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL) |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
20 |
return _oid2str[i].ldap_desc; |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
21 |
i++; |
29a9d33b67fa
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
22 |
} |