Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/gnutls/patches/02-cve-2012-1573.patch
author Ann Lai <ann.lai@oracle.com>
Wed, 08 Apr 2015 10:31:09 -0700
changeset 4068 29a9d33b67fa
permissions -rw-r--r--
20231912 Move GnuTLS from Desktop to Userland consolidation

Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 
does not properly handle data encrypted with a block cipher, which allows 
remote attackers to cause a denial of service (heap memory corruption and 
application crash) via a crafted record, as demonstrated by a crafted 
GenericBlockCipher structure.
Status:
Need to determine if this patch has been sent upstream.

--- gnutls-2.8.6/lib/gnutls_cipher.c.orig	Mon Nov  2 18:30:39 2009
+++ gnutls-2.8.6/lib/gnutls_cipher.c	Fri Apr  6 11:09:15 2012
@@ -502,12 +502,12 @@
 	  ciphertext.size -= blocksize;
 	  ciphertext.data += blocksize;
 
-	  if (ciphertext.size == 0)
-	    {
-	      gnutls_assert ();
-	      return GNUTLS_E_DECRYPTION_FAILED;
-	    }
 	}
+      if (ciphertext.size < hash_size)
+	{
+	  gnutls_assert ();
+	  return GNUTLS_E_DECRYPTION_FAILED;
+	}
 
       pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
upstream/oracle/userland-gate