components/gnutls/patches/07-cve-2014-3465.patch
changeset 4062 f45bb9cec48c
3995:7d35330d300c 4062:f45bb9cec48c
       
     1 Source:
       
     2 http://www.gnutls.org/security.html
       
     3 Info:
       
     4 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
       
     5 The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 
       
     6 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of 
       
     7 service (NULL pointer dereference) via a crafted X.509 certificate, related to 
       
     8 a missing LDAP description for an OID when printing the DN.
       
     9 Status:
       
    10 Need to determine if this patch has been sent upstream.
       
    11 
       
    12 --- gnutls-2.8.6/lib/x509/common.c.orig	2014-06-05 10:06:21.669353689 +0530
       
    13 +++ gnutls-2.8.6/lib/x509/common.c	2014-06-05 10:09:33.428829187 +0530
       
    14 @@ -160,7 +160,7 @@ _gnutls_x509_oid2ldap_string (const char
       
    15  
       
    16    do
       
    17      {
       
    18 -      if (strcmp (_oid2str[i].oid, oid) == 0)
       
    19 +      if (strcmp (_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL)
       
    20  	return _oid2str[i].ldap_desc;
       
    21        i++;
       
    22      }
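Review bot: The added `_oid2str[i].ldap_desc != NULL` test in `_gnutls_x509_oid2ldap_string` only makes the loop skip a matching entry; it does not by itself hand callers a non-NULL string. The end of the function is outside the hunk, but if it falls through to `return NULL;` after the loop, an OID with no LDAP description still yields NULL exactly as before the patch. In that case the NULL dereference described in the header would have to be guarded in the callers that print the DN, so those call sites in 2.8.6 should be checked for a NULL test on the returned pointer. The header quotes the advisory for `gnutls_x509_dn_oid_name` in 3.x while the hunk patches a differently named function in 2.8.6, so I would add a line such as `Backport to 2.8.6, where the lookup is _gnutls_x509_oid2ldap_string rather than gnutls_x509_dn_oid_name.`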