| author | Ann Lai <ann.lai@oracle.com> |
| Fri, 20 Mar 2015 22:56:27 -0700 | |
| changeset 4062 | f45bb9cec48c |
| permissions | -rw-r--r-- |
|
4062
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
1 |
Source: |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
2 |
http://www.gnutls.org/security.html |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
3 |
Info: |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
4 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128 |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
5 |
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
6 |
in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
7 |
that performs nonstandard session resumption, allows remote TLS servers to |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
8 |
cause a denial of service (application crash) via a large SessionTicket. |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
9 |
Status: |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
10 |
Need to determine if this patch has been sent upstream. |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
11 |
|
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
12 |
--- gnutls-2.8.6/lib/gnutls_session.c.orig Fri Apr 6 11:19:30 2012 |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
13 |
+++ gnutls-2.8.6/lib/gnutls_session.c Fri Apr 6 11:19:51 2012 |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
14 |
@@ -64,7 +64,6 @@ |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
15 |
gnutls_assert (); |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
16 |
return ret; |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
17 |
} |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
18 |
- *session_data_size = psession.size; |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
19 |
|
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
20 |
if (psession.size > *session_data_size) |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
21 |
{
|
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
22 |
@@ -71,6 +70,7 @@ |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
23 |
ret = GNUTLS_E_SHORT_MEMORY_BUFFER; |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
24 |
goto error; |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
25 |
} |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
26 |
+ *session_data_size = psession.size; |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
27 |
|
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
28 |
if (session_data != NULL) |
|
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
parents:
diff
changeset
|
29 |
memcpy (session_data, psession.data, psession.size); |