upstream/oracle/userland-gate: components/gnutls/patches/05-cve-2013-2116.patch@b41bd36a76a5 (annotated)

4068 29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	1	Source:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	2	http://www.gnutls.org/security.html
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	3	Info:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	4	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	5	The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	6	2.12.23 allows remote attackers to cause a denial of service (buffer over-read
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	7	and crash) via a crafted padding length. NOTE: this might be due to an
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	8	incorrect fix for CVE-2013-0169.
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	9	Status:
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	10	Need to determine if this patch has been sent upstream.
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	11
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	12	--- gnutls-2.8.6/lib/gnutls_cipher.c.orig 2013-06-04 12:03:39.812680465 +0530
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	13	+++ gnutls-2.8.6/lib/gnutls_cipher.c 2013-06-04 12:02:56.766612394 +0530
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	14	@@ -554,6 +554,8 @@ _gnutls_ciphertext2compressed (gnutls_se
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	15	}
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	16
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	17	pad = ciphertext.data[ciphertext.size - 1]; /* pad */
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	18	+ if (pad+1 > ciphertext.size-hash_size)
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	19	+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	20
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	21	/* Check the pading bytes (TLS 1.x).
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	22	* Note that we access all 256 bytes of ciphertext for padding check

author	Mike Sullivan <Mike.Sullivan@Oracle.COM>
	Thu, 25 Aug 2016 23:02:28 -0700
changeset 6703	b41bd36a76a5
parent 4068	29a9d33b67fa
permissions	-rw-r--r--