author | Ann Lai <ann.lai@oracle.com> |
Fri, 20 Mar 2015 22:56:27 -0700 | |
changeset 4062 | f45bb9cec48c |
permissions | -rw-r--r-- |
4062
f45bb9cec48c
20231912 Move GnuTLS from Desktop to Userland consolidation
Ann Lai <ann.lai@oracle.com>
Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS
2.12.23 allows remote attackers to cause a denial of service (buffer over-read
and crash) via a crafted padding length. NOTE: this might be due to an
incorrect fix for CVE-2013-0169.
Status:
Need to determine if this patch has been sent upstream.
--- gnutls-2.8.6/lib/gnutls_cipher.c.orig 2013-06-04 12:03:39.812680465 +0530 |
+++ gnutls-2.8.6/lib/gnutls_cipher.c 2013-06-04 12:02:56.766612394 +0530 |
@@ -554,6 +554,8 @@ _gnutls_ciphertext2compressed (gnutls_se |
} |
|
pad = ciphertext.data[ciphertext.size - 1]; /* pad */ |
+ if (pad+1 > ciphertext.size-hash_size) |
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED; |
|
/* Check the pading bytes (TLS 1.x). |
* Note that we access all 256 bytes of ciphertext for padding check |
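Review bot: The added check `pad+1 > ciphertext.size-hash_size` relies on a subtraction that can wrap if `ciphertext.size` and `hash_size` are unsigned and the record is shorter than `hash_size`; the hunk shows no earlier guard for that case. Writing the comparison without the subtraction, as `pad + 1 + hash_size > ciphertext.size`, gives the same result for valid sizes and cannot wrap. The new branch also only records `pad_failed` and leaves `pad` at the attacker-supplied value, so confirm that the padding check and length computation after this hunk do not index `ciphertext.data` by `pad` once `pad_failed` is set, since the reported defect is an over-read. Separately, the header quotes the advisory for GnuTLS 2.12.23 while the patch is against gnutls-2.8.6, and the Status line is still open; state that 2.8.6 was confirmed affected and resolve the upstream question before this lands.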