upstream/oracle/userland-gate: components/gnutls/patches/05-cve-2013-2116.patch@f45bb9cec48c (annotated)

4062 f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	1	Source:
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	2	http://www.gnutls.org/security.html
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	3	Info:
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	4	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	5	The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	6	2.12.23 allows remote attackers to cause a denial of service (buffer over-read
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	7	and crash) via a crafted padding length. NOTE: this might be due to an
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	8	incorrect fix for CVE-2013-0169.
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	9	Status:
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	10	Need to determine if this patch has been sent upstream.
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	11
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	12	--- gnutls-2.8.6/lib/gnutls_cipher.c.orig 2013-06-04 12:03:39.812680465 +0530
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	13	+++ gnutls-2.8.6/lib/gnutls_cipher.c 2013-06-04 12:02:56.766612394 +0530
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	14	@@ -554,6 +554,8 @@ _gnutls_ciphertext2compressed (gnutls_se
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	15	}
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	16
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	17	pad = ciphertext.data[ciphertext.size - 1]; /* pad */
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	18	+ if (pad+1 > ciphertext.size-hash_size)
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	19	+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	20
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	21	/* Check the pading bytes (TLS 1.x).
f45bb9cec48c 20231912 Move GnuTLS from Desktop to Userland consolidation Ann Lai <ann.lai@oracle.com> parents: diff changeset	22	* Note that we access all 256 bytes of ciphertext for padding check

author	Ann Lai <ann.lai@oracle.com>
	Fri, 20 Mar 2015 22:56:27 -0700
changeset 4062	f45bb9cec48c
permissions	-rw-r--r--