components/gnutls/patches/05-cve-2013-2116.patch
author Ann Lai <ann.lai@oracle.com>
Fri, 20 Mar 2015 22:56:27 -0700
changeset 4062 f45bb9cec48c
permissions -rw-r--r--
20231912 Move GnuTLS from Desktop to Userland consolidation

Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 
2.12.23 allows remote attackers to cause a denial of service (buffer over-read 
and crash) via a crafted padding length. NOTE: this might be due to an 
incorrect fix for CVE-2013-0169.
Status:
Need to determine if this patch has been sent upstream.

--- gnutls-2.8.6/lib/gnutls_cipher.c.orig	2013-06-04 12:03:39.812680465 +0530
+++ gnutls-2.8.6/lib/gnutls_cipher.c	2013-06-04 12:02:56.766612394 +0530
@@ -554,6 +554,8 @@ _gnutls_ciphertext2compressed (gnutls_se
 	}
 
       pad = ciphertext.data[ciphertext.size - 1];   /* pad */
+      if (pad+1 > ciphertext.size-hash_size)
+        pad_failed = GNUTLS_E_DECRYPTION_FAILED;
 
       /* Check the pading bytes (TLS 1.x).
        * Note that we access all 256 bytes of ciphertext for padding check
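Review bot: the added check at `if (pad+1 > ciphertext.size-hash_size)` depends on `ciphertext.size-hash_size` not wrapping. The declarations are outside this hunk, but if both operands are unsigned and `ciphertext.size` can be smaller than `hash_size`, the difference becomes a very large value and the check never fires. Writing the comparison without a subtraction, for example `pad + 1 + hash_size > ciphertext.size`, or confirming that an earlier length check guarantees `ciphertext.size >= hash_size`, would remove that doubt. The new lines also only record the failure in `pad_failed` and leave `pad` unchanged, while the comment directly below says the padding check reads ciphertext bytes. It is worth confirming that the loop after this hunk does not index with the unvalidated `pad`, or resetting `pad` to a safe value when the check fails. Finally, the header describes the issue against GnuTLS 2.12.23 while the patch applies to gnutls-2.8.6, and the Status line leaves the upstream question open. A line naming the upstream commit this was taken from would make the backport easier to audit.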