1 Source:

     2 http://www.gnutls.org/security.html

     3 Info:

     4 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128

     5 Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c     

     6 in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client 

     7 that performs nonstandard session resumption, allows remote TLS servers to 

     8 cause a denial of service (application crash) via a large SessionTicket.

     9 Status:

    10 Need to determine if this patch has been sent upstream.

    11 

    12 --- gnutls-2.8.6/lib/gnutls_session.c.orig	Fri Apr  6 11:19:30 2012

    13 +++ gnutls-2.8.6/lib/gnutls_session.c	Fri Apr  6 11:19:51 2012

    14 @@ -64,7 +64,6 @@

    15        gnutls_assert ();

    16        return ret;

    17      }

    18 -  *session_data_size = psession.size;

    19  

    20    if (psession.size > *session_data_size)

    21      {

    22 @@ -71,6 +70,7 @@

    23        ret = GNUTLS_E_SHORT_MEMORY_BUFFER;

    24        goto error;

    25      }

    26 +  *session_data_size = psession.size;

    27  

    28    if (session_data != NULL)

    29      memcpy (session_data, psession.data, psession.size);