components/gnutls/patches/02-cve-2012-1573.patch
author zihao.zhu@oracle.com <zihao.zhu@oracle.com>
Tue, 18 Oct 2016 14:50:09 -0700
changeset 7123 b650e07ff9f6
parent 4068 29a9d33b67fa
permissions -rw-r--r--
24750381 python-ldap missing dependencies on pyasn1, pyasn1-modules
4068
29a9d33b67fa 20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff changeset
Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 
does not properly handle data encrypted with a block cipher, which allows 
remote attackers to cause a denial of service (heap memory corruption and 
application crash) via a crafted record, as demonstrated by a crafted 
GenericBlockCipher structure.
Status:
Need to determine if this patch has been sent upstream.
--- gnutls-2.8.6/lib/gnutls_cipher.c.orig	Mon Nov  2 18:30:39 2009
+++ gnutls-2.8.6/lib/gnutls_cipher.c	Fri Apr  6 11:09:15 2012
@@ -502,12 +502,12 @@
 	  ciphertext.size -= blocksize;
 	  ciphertext.data += blocksize;
 
-	  if (ciphertext.size == 0)
-	    {
-	      gnutls_assert ();
-	      return GNUTLS_E_DECRYPTION_FAILED;
-	    }
 	}
+      if (ciphertext.size < hash_size)
+	{
+	  gnutls_assert ();
+	  return GNUTLS_E_DECRYPTION_FAILED;
+	}
 
       pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
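Review bot: the new bound `ciphertext.size < hash_size` does not by itself guarantee that the read on the next context line, `ciphertext.data[ciphertext.size - 1]`, is in range. The removed `ciphertext.size == 0` test (which ran only inside the preceding block, after the `blocksize` adjustment) is now covered only when `hash_size` is non-zero; if `hash_size` can be 0 on this path (its value is not visible in this hunk), an empty remainder passes the check and the index becomes `size - 1` of zero. A block-cipher record also needs at least the MAC plus the one pad-length byte, so `ciphertext.size < hash_size + 1` would state the minimum directly and keep the zero case rejected regardless of `hash_size`. A short comment above the check saying that it guards the pad-byte read would help the next reader, since the check and the read it protects are separated by a blank line and nothing else ties them together.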