1 files changed, 45 insertions, 0 deletions

diff --git a/patches/source/gnutls/gnutls-2.8.6_CVE-2014-3467.diff b/patches/source/gnutls/gnutls-2.8.6_CVE-2014-3467.diff
new file mode 100644
index 00000000..26427ef8
--- /dev/null
+++ b/patches/source/gnutls/gnutls-2.8.6_CVE-2014-3467.diff
@@ -0,0 +1,45 @@
+From b91a75fb2a91a1c7c1a068b25ee073f308f2c7ca Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@zoho.com>
+Date: Mon, 2 Jun 2014
+Subject: CVE-2014-3467
+
+This is a backport adaptation for use with GnuTLS 2.8.6.
+
+Relevant upstream commit(s):
+-------------------------
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e3
+http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda4
+
+---
+ lib/minitasn1/decoding.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/lib/minitasn1/decoding.c
++++ b/lib/minitasn1/decoding.c
+@@ -135,7 +135,7 @@ asn1_get_tag_der (const unsigned char *d
+       /* Long form */
+       punt = 1;
+       ris = 0;
+-      while (punt <= der_len && der[punt] & 128)
++      while (punt < der_len && der[punt] & 128)
+ 	{
+ 	  int last = ris;
+ 	  ris = ris * 128 + (der[punt++] & 0x7F);
+@@ -245,7 +245,7 @@ _asn1_get_time_der (const unsigned char
+   if (der_len <= 0 || str == NULL)
+     return ASN1_DER_ERROR;
+   str_len = asn1_get_length_der (der, der_len, &len_len);
+-  if (str_len < 0 || str_size < str_len)
++  if (str_len <= 0 || str_size < str_len)
+     return ASN1_DER_ERROR;
+   memcpy (str, der + len_len, str_len);
+   str[str_len] = 0;
+@@ -273,7 +273,7 @@ _asn1_get_objectid_der (const unsigned c
+     return ASN1_GENERIC_ERROR;
+   len = asn1_get_length_der (der, der_len, &len_len);
+ 
+-  if (len < 0 || len > der_len || len_len > der_len)
++  if (len <= 0 || len > der_len || len_len > der_len)
+     return ASN1_DER_ERROR;
+ 
+   val1 = der[len_len] / 40;