aboutsummaryrefslogtreecommitdiffstats
path: root/main/gnutls/CVE-2012-1573.patch
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-04-11 13:10:14 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-04-11 13:28:14 +0000
commit47656f3ce258fd3968b8f4dc2c27c2fa4e71a70d (patch)
tree1a7e73b6231545f5a2d492ec887cb4ac3dbab03d /main/gnutls/CVE-2012-1573.patch
parentce3adccd9865fd634d89940731b9c81c178a9b4c (diff)
downloadaports-47656f3ce258fd3968b8f4dc2c27c2fa4e71a70d.tar.bz2
aports-47656f3ce258fd3968b8f4dc2c27c2fa4e71a70d.tar.xz
main/gnutls: security fix (CVE-2013-1619)
Patch from ubuntu: https://launchpadlibrarian.net/132499561/gnutls26_2.10.5-1ubuntu3.2_2.10.5-1ubuntu3.3.diff.gz fixes #1657
Diffstat (limited to 'main/gnutls/CVE-2012-1573.patch')
-rw-r--r--main/gnutls/CVE-2012-1573.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/main/gnutls/CVE-2012-1573.patch b/main/gnutls/CVE-2012-1573.patch
new file mode 100644
index 0000000000..4cd5fe9ff8
--- /dev/null
+++ b/main/gnutls/CVE-2012-1573.patch
@@ -0,0 +1,27 @@
+Description: Validate record size when parsing GenericBlockCipher structure
+Origin: backport, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
+
+Index: gnutls26-2.10.5/lib/gnutls_cipher.c
+===================================================================
+--- gnutls26-2.10.5.orig/lib/gnutls_cipher.c 2012-04-04 04:17:33.902871139 -0500
++++ gnutls26-2.10.5/lib/gnutls_cipher.c 2012-04-04 04:17:56.666871679 -0500
+@@ -515,14 +515,13 @@
+ {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
+-
+- if (ciphertext.size == 0)
+- {
+- gnutls_assert ();
+- return GNUTLS_E_DECRYPTION_FAILED;
+- }
+ }
+
++ if (ciphertext.size < hash_size)
++ {
++ gnutls_assert ();
++ return GNUTLS_E_DECRYPTION_FAILED;
++ }
+ pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
+
+ if ((int) pad > (int) ciphertext.size - hash_size)