components/gnutls/patches/06-cve-2014-0092.patch
changeset 4062 f45bb9cec48c
3995:7d35330d300c 4062:f45bb9cec48c
       
     1 Source:
       
     2 http://www.gnutls.org/security.html
       
     3 Info:
       
     4 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
       
     5 lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not 
       
     6 properly handle unspecified errors when verifying X.509 certificates from SSL 
       
     7 servers, which allows man-in-the-middle attackers to spoof servers via a 
       
     8 crafted certificate.
       
     9 Status:
       
    10 Patch targets gnutls-2.8.6 (see the file header below); still need to determine whether it has been sent upstream, or whether it matches the fix upstream shipped in 3.1.22 / 3.2.12.
       
    11 
       
    12 --- gnutls-2.8.6/lib/x509/verify.c.orig	Thu Mar  6 14:01:51 2014
       
    13 +++ gnutls-2.8.6/lib/x509/verify.c	Thu Mar  6 14:50:52 2014
       
    14 @@ -112,7 +112,7 @@
       
    15    if (result < 0)
       
    16      {
       
    17        gnutls_assert ();
       
    18 -      goto cleanup;
       
    19 +      goto fail;
       
    20      }
       
    21  
       
    22    result =
       
    23 @@ -121,7 +121,7 @@
       
    24    if (result < 0)
       
    25      {
       
    26        gnutls_assert ();
       
    27 -      goto cleanup;
       
    28 +      goto fail;
       
    29      }
       
    30  
       
    31    result =
       
    32 @@ -129,7 +129,7 @@
       
    33    if (result < 0)
       
    34      {
       
    35        gnutls_assert ();
       
    36 -      goto cleanup;
       
    37 +      goto fail;
       
    38      }
       
    39  
       
    40    result =
       
    41 @@ -137,7 +137,7 @@
       
    42    if (result < 0)
       
    43      {
       
    44        gnutls_assert ();
       
    45 -      goto cleanup;
       
    46 +      goto fail;
       
    47      }
       
    48  
       
    49    /* If the subject certificate is the same as the issuer
       
    50 @@ -177,6 +177,7 @@
       
    51    else
       
    52      gnutls_assert ();
       
    53  
       
    54 +fail:
       
    55    result = 0;
       
    56  
       
    57  cleanup:
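Review bot: The new `fail:` label turns every error exit of this function into a plain "not a CA" result (the `result = 0;` it falls into), and nothing at the label says so; a later maintainer could easily "fix" an error path back to propagating the negative code, which is exactly the CVE-2014-0092 condition. Suggested comment directly under the label: `/* Any error while examining the issuer is reported as 0 ("not a CA"), never as a negative code, so callers that test the result against 0/1 fail closed. */` — the callers are not visible here, so confirm that wording against them. The enclosing function starts before the first hunk of this file and ends after this one.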
       
    58 @@ -269,7 +270,7 @@
       
    59    gnutls_datum_t cert_signed_data = { NULL, 0 };
       
    60    gnutls_datum_t cert_signature = { NULL, 0 };
       
    61    gnutls_x509_crt_t issuer;
       
    62 -  int ret, issuer_version, result;
       
    63 +  int ret, issuer_version, result = 0;
       
    64  
       
    65    if (output)
       
    66      *output = 0;
       
    67 @@ -299,7 +300,7 @@
       
    68    if (issuer_version < 0)
       
    69      {
       
    70        gnutls_assert ();
       
    71 -      return issuer_version;
       
    72 +      return 0;
       
    73      }
       
    74  
       
    75    if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
       
    76 @@ -320,6 +321,7 @@
       
    77    if (result < 0)
       
    78      {
       
    79        gnutls_assert ();
       
    80 +      result = 0;
       
    81        goto cleanup;
       
    82      }
       
    83  
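Review bot: The added `result = 0;` makes a failed `_gnutls_x509_get_signed_data` call return "not verified", but `*output`, zeroed at the top of the function (visible in an earlier hunk), is left without `GNUTLS_CERT_INVALID`, unlike the signature-mismatch path later in this function which does set it. If any caller inspects the output flags rather than the return value, this exit would look like a clean certificate; consider `if (output) *output |= GNUTLS_CERT_INVALID;` alongside each new `result = 0;` in this function, or a comment stating that internal errors intentionally fail closed without flagging output. Whether callers rely on the flags is not visible from this diff. The enclosing function starts and ends outside this hunk.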
       
    84 @@ -328,23 +330,25 @@
       
    85    if (result < 0)
       
    86      {
       
    87        gnutls_assert ();
       
    88 +      result = 0;
       
    89        goto cleanup;
       
    90      }
       
    91  
       
    92 -  ret =
       
    93 +  result =
       
    94      _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
       
    95  				   issuer);
       
    96 -  if (ret < 0)
       
    97 +  if (result < 0)
       
    98      {
       
    99 +      result = 0;
       
   100        gnutls_assert ();
       
   101 +      goto cleanup;
       
   102      }
       
   103 -  else if (ret == 0)
       
   104 +  else if (result == 0)
       
   105      {
       
   106        gnutls_assert ();
       
   107        /* error. ignore it */
       
   108        if (output)
       
   109  	*output |= GNUTLS_CERT_INVALID;
       
   110 -      ret = 0;
       
   111      }
       
   112  
       
   113    /* If the certificate is not self signed check if the algorithms
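Review bot: In the `_gnutls_x509_verify_signature` error block the new `result = 0;` is placed before `gnutls_assert ();`, whereas the two error blocks just above it put the assignment after the assert; use one order for all three so the error exits read identically, e.g. `gnutls_assert (); result = 0; goto cleanup;`. Since `ret` no longer carries the verifier's result here, double-check that the remaining `else if (result == 0)` branch still behaves as the old `ret == 0` branch did — it does as far as the visible lines show, since `result` is assigned from the same call. The enclosing function starts and ends outside this hunk.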
       
   114 @@ -364,11 +368,10 @@
       
   115  	{
       
   116  	  if (output)
       
   117  	    *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
       
   118 -	  ret = 0;
       
   119 +	  result = 0;
       
   120  	}
       
   121      }
       
   122  
       
   123 -  result = ret;
       
   124  
       
   125  cleanup:
       
   126    _gnutls_free_datum (&cert_signed_data);
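Review bot: With `ret = 0;` and `result = ret;` removed here and the `ret =` assignments replaced by `result =` in the previous hunk, `ret` appears to have no remaining use in this function, yet it is still declared in `int ret, issuer_version, result = 0;` in an earlier hunk; if no use survives outside the visible hunks, change that declaration to `int issuer_version, result = 0;` to avoid an unused-variable warning. Dropping `result = ret;` also leaves two consecutive blank lines before `cleanup:`; remove one. The enclosing function ends after this hunk.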