blob: 53a8af0e08f5327d0aae1f25283339d0bcfbb42f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
From c8cf27468841f2ad51b287176b440c6608edc6ba Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Sun, 29 Sep 2013
Subject: CVE-2012-1573 [GNUTLS-SA-2012-2]
Address a TLS record handling vulnerability in GnuTLS.
This is a backport adaptation for use with GnuTLS 2.8.6.
Relevant upstream commit:
-------------------------
https://gitorious.org/gnutls/gnutls/commit/42221486806137
---
gnutls_cipher.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- a/lib/gnutls_cipher.c 2013-09-27
+++ b/lib/gnutls_cipher.c 2013-09-27
@@ -501,14 +501,13 @@ _gnutls_ciphertext2compressed (gnutls_se
{
ciphertext.size -= blocksize;
ciphertext.data += blocksize;
-
- if (ciphertext.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
}
+ if (ciphertext.size < hash_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
if ((int) pad > (int) ciphertext.size - hash_size)
|