1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
From 27892001331da24704fca8fa39041289ff7d3cd9 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Mon, 03 Mar 2014
Subject: CVE-2014-0092 (GNUTLS-SA-2014-2)
Fix vulnerabilities in the certificate verification code path.
The vulnerabilities can be exploited such that specially-crafted
certificates can bypass certificate validation checks.
This is a backport adaptation for use with GnuTLS 2.8.6.
Relevant upstream commit:
-------------------------
https://gitorious.org/gnutls/gnutls/commit/6aa26f78150ccb
---
lib/x509/verify.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -112,7 +112,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -121,7 +121,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -129,7 +129,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -137,7 +137,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
/* If the subject certificate is the same as the issuer
@@ -177,6 +177,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
else
gnutls_assert ();
+fail:
result = 0;
cleanup:
@@ -269,7 +270,7 @@ _gnutls_verify_certificate2 (gnutls_x509
gnutls_datum_t cert_signed_data = { NULL, 0 };
gnutls_datum_t cert_signature = { NULL, 0 };
gnutls_x509_crt_t issuer;
- int ret, issuer_version, result;
+ int ret, issuer_version, result = 0;
if (output)
*output = 0;
@@ -299,7 +300,7 @@ _gnutls_verify_certificate2 (gnutls_x509
if (issuer_version < 0)
{
gnutls_assert ();
- return issuer_version;
+ return 0;
}
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
@@ -320,6 +321,7 @@ _gnutls_verify_certificate2 (gnutls_x509
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -328,6 +330,7 @@ _gnutls_verify_certificate2 (gnutls_x509
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -337,6 +340,8 @@ _gnutls_verify_certificate2 (gnutls_x509
if (ret < 0)
{
gnutls_assert ();
+ result = 0;
+ goto cleanup;
}
else if (ret == 0)
{
|
