Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before
3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of
service (NULL pointer dereference) via a crafted X.509 certificate, related to
a missing LDAP description for an OID when printing the DN.
Status:
Need to determine if this patch has been sent upstream.
|
12 --- gnutls-2.8.6/lib/x509/common.c.orig 2014-06-05 10:06:21.669353689 +0530 |
|
13 +++ gnutls-2.8.6/lib/x509/common.c 2014-06-05 10:09:33.428829187 +0530 |
|
14 @@ -160,7 +160,7 @@ _gnutls_x509_oid2ldap_string (const char |
|
15 |
|
16 do |
|
17 { |
|
18 - if (strcmp (_oid2str[i].oid, oid) == 0) |
|
19 + if (strcmp (_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL) |
|
20 return _oid2str[i].ldap_desc; |
|
21 i++; |
|
22 } |
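Review bot: The added `_oid2str[i].ldap_desc != NULL` test on the `strcmp` line does not by itself keep a NULL from reaching the caller. Before the change, a matching entry with no LDAP description returned `_oid2str[i].ldap_desc`, which is NULL; after it, the loop skips that entry and keeps scanning, so the result depends on the return after the loop, which is outside this hunk. Please confirm what the function returns when no entry qualifies and that every caller checks that value before dereferencing it, or add the NULL check at the call site that prints the DN. The header also cites `gnutls_x509_dn_oid_name` in GnuTLS 3.0 and later, while the hunk changes `_gnutls_x509_oid2ldap_string` in gnutls-2.8.6, so a sentence in the header explaining why the 2.8.6 code path is affected would help settle the upstream-status question.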