components/gnutls/patches/07-cve-2014-3465.patch
author jiri.kralovec@oracle.com <jiri.kralovec@oracle.com>
Fri, 07 Apr 2017 00:53:32 -0700
changeset 7846 eaed6d702f04
parent 4068 29a9d33b67fa
permissions -rw-r--r--
25556325 Firefox 45 sometimes generates core file on exit

Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 
3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of 
service (NULL pointer dereference) via a crafted X.509 certificate, related to 
a missing LDAP description for an OID when printing the DN.
Status:
Need to determine if this patch has been sent upstream.

--- gnutls-2.8.6/lib/x509/common.c.orig	2014-06-05 10:06:21.669353689 +0530
+++ gnutls-2.8.6/lib/x509/common.c	2014-06-05 10:09:33.428829187 +0530
@@ -160,7 +160,7 @@ _gnutls_x509_oid2ldap_string (const char
 
   do
     {
-      if (strcmp (_oid2str[i].oid, oid) == 0)
+      if (strcmp (_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL)
 	return _oid2str[i].ldap_desc;
       i++;
     }
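Review bot: With the added `_oid2str[i].ldap_desc != NULL` test on the `if` inside the `do` loop, a matching OID whose description is NULL no longer returns, and the loop goes on comparing the remaining table entries. The result for that OID is then whatever the code after the loop returns, which this hunk does not show. Please confirm that every caller handles that fall-through value, since the crash being addressed is a NULL dereference and a NULL return at the end would only move the problem to the caller. Consider keeping the `strcmp` match as its own condition and leaving the loop explicitly when the description is NULL, so the "known OID, no LDAP name" case is visible in the code. The patch header also quotes the CVE text for gnutls_x509_dn_oid_name in the 3.x series, while the change is to _gnutls_x509_oid2ldap_string in gnutls-2.8.6; one sentence saying why this function is the equivalent fix site in 2.8.6 would help the next reader.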