Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/gnutls/patches/08-cve-2014-3466.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Fri, 16 Dec 2016 19:13:08 -0800
changeset 7502 71060ae349b6
parent 4068 29a9d33b67fa
permissions -rw-r--r--
Close of build 115.

Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in 
GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote 
servers to cause a denial of service (memory corruption) or possibly execute 
arbitrary code via a long session id in a ServerHello message.
Status:
Need to determine if this patch has been sent upstream.

--- gnutls-2.8.6/lib/gnutls_handshake.c.orig	2014-06-05 10:04:17.494148857 +0530
+++ gnutls-2.8.6/lib/gnutls_handshake.c	2014-06-05 10:05:44.462058226 +0530
@@ -1518,7 +1518,7 @@ _gnutls_read_server_hello (gnutls_sessio
   DECR_LEN (len, 1);
   session_id_len = data[pos++];
 
-  if (len < session_id_len)
+  if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
     {
       gnutls_assert ();
       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
upstream/oracle/userland-gate