Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/gnutls/patches/08-cve-2014-3466.patch
changeset 4068 29a9d33b67fa 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gnutls/patches/08-cve-2014-3466.patch	Wed Apr 08 10:31:09 2015 -0700
@@ -0,0 +1,22 @@
+Source:
+http://www.gnutls.org/security.html
+Info:
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
+Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in 
+GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote 
+servers to cause a denial of service (memory corruption) or possibly execute 
+arbitrary code via a long session id in a ServerHello message.
+Status:
+Need to determine if this patch has been sent upstream.
+
+--- gnutls-2.8.6/lib/gnutls_handshake.c.orig	2014-06-05 10:04:17.494148857 +0530
++++ gnutls-2.8.6/lib/gnutls_handshake.c	2014-06-05 10:05:44.462058226 +0530
+@@ -1518,7 +1518,7 @@ _gnutls_read_server_hello (gnutls_sessio
+   DECR_LEN (len, 1);
+   session_id_len = data[pos++];
+ 
+-  if (len < session_id_len)
++  if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
+     {
+       gnutls_assert ();
+       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
upstream/oracle/userland-gate