equal
deleted
inserted
replaced
|
1 Source: |
|
2 http://www.gnutls.org/security.html |
|
3 Info: |
|
4 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128 |
|
5 Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c |
|
6 in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client |
|
7 that performs nonstandard session resumption, allows remote TLS servers to |
|
8 cause a denial of service (application crash) via a large SessionTicket. |
|
9 Status: |
|
10 Need to determine if this patch has been sent upstream. |
|
11 |
|
12 --- gnutls-2.8.6/lib/gnutls_session.c.orig Fri Apr 6 11:19:30 2012 |
|
13 +++ gnutls-2.8.6/lib/gnutls_session.c Fri Apr 6 11:19:51 2012 |
|
14 @@ -64,7 +64,6 @@ |
|
15 gnutls_assert (); |
|
16 return ret; |
|
17 } |
|
18 - *session_data_size = psession.size; |
|
19 |
|
20 if (psession.size > *session_data_size) |
|
21 { |
|
22 @@ -71,6 +70,7 @@ |
|
23 ret = GNUTLS_E_SHORT_MEMORY_BUFFER; |
|
24 goto error; |
|
25 } |
|
26 + *session_data_size = psession.size; |
|
27 |
|
28 if (session_data != NULL) |
|
29 memcpy (session_data, psession.data, psession.size); |