|
1 Source: |
|
2 http://www.gnutls.org/security.html |
|
3 Info: |
|
4 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092 |
|
5 lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not |
|
6 properly handle unspecified errors when verifying X.509 certificates from SSL |
|
7 servers, which allows man-in-the-middle attackers to spoof servers via a |
|
8 crafted certificate. |
|
9 Status: |
|
10 Need to determine if this patch has been sent upstream. |
|
11 |
|
12 --- gnutls-2.8.6/lib/x509/verify.c.orig Thu Mar 6 14:01:51 2014 |
|
13 +++ gnutls-2.8.6/lib/x509/verify.c Thu Mar 6 14:50:52 2014 |
|
14 @@ -112,7 +112,7 @@ |
|
15 if (result < 0) |
|
16 { |
|
17 gnutls_assert (); |
|
18 - goto cleanup; |
|
19 + goto fail; |
|
20 } |
|
21 |
|
22 result = |
|
23 @@ -121,7 +121,7 @@ |
|
24 if (result < 0) |
|
25 { |
|
26 gnutls_assert (); |
|
27 - goto cleanup; |
|
28 + goto fail; |
|
29 } |
|
30 |
|
31 result = |
|
32 @@ -129,7 +129,7 @@ |
|
33 if (result < 0) |
|
34 { |
|
35 gnutls_assert (); |
|
36 - goto cleanup; |
|
37 + goto fail; |
|
38 } |
|
39 |
|
40 result = |
|
41 @@ -137,7 +137,7 @@ |
|
42 if (result < 0) |
|
43 { |
|
44 gnutls_assert (); |
|
45 - goto cleanup; |
|
46 + goto fail; |
|
47 } |
|
48 |
|
49 /* If the subject certificate is the same as the issuer |
|
50 @@ -177,6 +177,7 @@ |
|
51 else |
|
52 gnutls_assert (); |
|
53 |
|
54 +fail: |
|
55 result = 0; |
|
56 |
|
57 cleanup: |
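Review bot: The new `fail:` label lands on the `result = 0;` that the not-a-CA fall-through path already used, so an error while examining the issuer and a genuine "not a CA" answer now leave through the same exit and are indistinguishable to the caller; that is the intent of the fix (the negative error code must not escape, since callers presumably test the return as true/false, which is the defect the header's CVE text describes), but nothing at the label says so. Suggest `/* fail: an error while inspecting the certificates is reported as "not a CA" (0); a negative code must never escape, as callers treat the result as a boolean */` above the label. The four rerouted `goto fail` sites are in the preceding hunks at @@ -112, @@ -121, @@ -129 and @@ -137, and the function's start and its `cleanup:` tail lie outside this hunk.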
|
58 @@ -269,7 +270,7 @@ |
|
59 gnutls_datum_t cert_signed_data = { NULL, 0 }; |
|
60 gnutls_datum_t cert_signature = { NULL, 0 }; |
|
61 gnutls_x509_crt_t issuer; |
|
62 - int ret, issuer_version, result; |
|
63 + int ret, issuer_version, result = 0; |
|
64 |
|
65 if (output) |
|
66 *output = 0; |
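Review bot: `ret` survives in the declaration `int ret, issuer_version, result = 0;` although every use of it visible in the later hunks (@@ -328 and @@ -364) is rewritten to `result`; if no use remains in the unchanged parts of the function, the variable is now dead and should go, `int issuer_version, result = 0;`, otherwise `-Wunused-variable` will flag it. Initialising `result` here is the right guard for the early exits that follow, since `cleanup:` returns it on every path. The function's signature and the rest of its body lie outside this hunk.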
|
67 @@ -299,7 +300,7 @@ |
|
68 if (issuer_version < 0) |
|
69 { |
|
70 gnutls_assert (); |
|
71 - return issuer_version; |
|
72 + return 0; |
|
73 } |
|
74 |
|
75 if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && |
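Review bot: The new `return 0;` reports "not verified" but leaves `*output` at the 0 written a few lines earlier, whereas the signature-failure branch at @@ -328 sets `*output |= GNUTLS_CERT_INVALID`; the same applies to the new `result = 0; goto cleanup;` exits at @@ -320 and @@ -328. Unless the caller supplies GNUTLS_CERT_INVALID itself on a 0 return (not visible here), a consumer of the status flags sees a clean output for a certificate that was in fact rejected; setting the flag on these paths too, `if (output) *output |= GNUTLS_CERT_INVALID;`, or a comment at this return stating that the caller adds the flag, would make the contract explicit. The enclosing function continues on both sides of the hunk.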
|
76 @@ -320,6 +321,7 @@ |
|
77 if (result < 0) |
|
78 { |
|
79 gnutls_assert (); |
|
80 + result = 0; |
|
81 goto cleanup; |
|
82 } |
|
83 |
|
84 @@ -328,23 +330,25 @@ |
|
85 if (result < 0) |
|
86 { |
|
87 gnutls_assert (); |
|
88 + result = 0; |
|
89 goto cleanup; |
|
90 } |
|
91 |
|
92 - ret = |
|
93 + result = |
|
94 _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature, |
|
95 issuer); |
|
96 - if (ret < 0) |
|
97 + if (result < 0) |
|
98 { |
|
99 + result = 0; |
|
100 gnutls_assert (); |
|
101 + goto cleanup; |
|
102 } |
|
103 - else if (ret == 0) |
|
104 + else if (result == 0) |
|
105 { |
|
106 gnutls_assert (); |
|
107 /* error. ignore it */ |
|
108 if (output) |
|
109 *output |= GNUTLS_CERT_INVALID; |
|
110 - ret = 0; |
|
111 } |
|
112 |
|
113 /* If the certificate is not self signed check if the algorithms |
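Review bot: The comment `/* error. ignore it */` in the `else if (result == 0)` branch is now misleading: the branch flags GNUTLS_CERT_INVALID and, with the old `ret = 0;` removed, relies on `result` already being 0 while control falls through to the algorithm checks below, so nothing is ignored. Suggest `/* signature did not verify: flag it; result stays 0 and the algorithm checks below still run */`. As a point of style, the new `result = 0;` in the `if (result < 0)` block after the `_gnutls_x509_verify_signature` call precedes `gnutls_assert ();`, while the two error blocks above it place the assignment after the assert; the order does not matter, but the blocks read more uniformly if it matches. The function's body continues on both sides of the hunk.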
|
114 @@ -364,11 +368,10 @@ |
|
115 { |
|
116 if (output) |
|
117 *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; |
|
118 - ret = 0; |
|
119 + result = 0; |
|
120 } |
|
121 } |
|
122 |
|
123 - result = ret; |
|
124 |
|
125 cleanup: |
|
126 _gnutls_free_datum (&cert_signed_data); |
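Review bot: With `result = ret;` gone, the value that reaches `cleanup:` on the normal path is whatever `_gnutls_x509_verify_signature` returned (assigned in @@ -328), unless the insecure-algorithm branch reset it to 0, so the function's return contract is now carried implicitly by that helper's return value and is stated nowhere in the function. A one-line comment at `cleanup:` would pin it: `/* result: the helper's positive verdict when the signature verified and no later check failed, else 0; never negative */` — that a verified signature yields a positive value is inferred from the `== 0` test above and should be confirmed against the helper. The `cleanup:` tail and the function's return continue past the end of the hunk.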