diff options
Diffstat (limited to 'patches/source/gnutls/gnutls-2.8.6_CVE-2012-1573.diff')
-rw-r--r-- | patches/source/gnutls/gnutls-2.8.6_CVE-2012-1573.diff | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/patches/source/gnutls/gnutls-2.8.6_CVE-2012-1573.diff b/patches/source/gnutls/gnutls-2.8.6_CVE-2012-1573.diff new file mode 100644 index 00000000..53a8af0e --- /dev/null +++ b/patches/source/gnutls/gnutls-2.8.6_CVE-2012-1573.diff @@ -0,0 +1,39 @@ +From c8cf27468841f2ad51b287176b440c6608edc6ba Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Sun, 29 Sep 2013 +Subject: CVE-2012-1573 [GNUTLS-SA-2012-2] + +Address a TLS record handling vulnerability in GnuTLS. + +This is a backport adaptation for use with GnuTLS 2.8.6. + +Relevant upstream commit: +------------------------- +https://gitorious.org/gnutls/gnutls/commit/42221486806137 + +--- + gnutls_cipher.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +--- a/lib/gnutls_cipher.c 2013-09-27 ++++ b/lib/gnutls_cipher.c 2013-09-27 +@@ -501,14 +501,13 @@ _gnutls_ciphertext2compressed (gnutls_se + { + ciphertext.size -= blocksize; + ciphertext.data += blocksize; +- +- if (ciphertext.size == 0) +- { +- gnutls_assert (); +- return GNUTLS_E_DECRYPTION_FAILED; +- } + } + ++ if (ciphertext.size < hash_size) ++ { ++ gnutls_assert (); ++ return GNUTLS_E_DECRYPTION_FAILED; ++ } + pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ + + if ((int) pad > (int) ciphertext.size - hash_size) |