Diffstat (limited to 'community/csync2/CVE-2019-15523.patch')
-rw-r--r--community/csync2/CVE-2019-15523.patch101
1 files changed, 101 insertions, 0 deletions
diff --git a/community/csync2/CVE-2019-15523.patch b/community/csync2/CVE-2019-15523.patch
new file mode 100644
index 00000000000..575bee0dafa
--- /dev/null
+++ b/community/csync2/CVE-2019-15523.patch
@@ -0,0 +1,101 @@
+From 92742544a56bcbcd9ec99ca15f898b31797e39e2 Mon Sep 17 00:00:00 2001
+From: Malte Kraus <malte.kraus@suse.com>
+Date: Tue, 13 Aug 2019 13:36:26 +0200
+Subject: [PATCH] repeat gnutls_handshake() call in case of warnings
+
+that's what the semantics of this call require
+---
+ conn.c | 71 ++++++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 39 insertions(+), 32 deletions(-)
+
+diff --git a/conn.c b/conn.c
+index be26f72..c013860 100644
+--- a/conn.c
++++ b/conn.c
+@@ -276,6 +276,7 @@ int conn_activate_ssl(int server_role)
+ char *ssl_keyfile;
+ char *ssl_certfile;
+ int err;
++ int handshake_repeat = 0;
+
+ if (csync_conn_usessl)
+ return 0;
+@@ -333,40 +334,46 @@ int conn_activate_ssl(int server_role)
+ (gnutls_transport_ptr_t)(long)conn_fd_out
+ );
+
+- err = gnutls_handshake(conn_tls_session);
+- switch(err) {
+- case GNUTLS_E_SUCCESS:
+- break;
+-
+- case GNUTLS_E_WARNING_ALERT_RECEIVED:
+- alrt = gnutls_alert_get(conn_tls_session);
+- fprintf(
+- csync_debug_out,
+- "SSL: warning alert received from peer: %d (%s).\n",
+- alrt, gnutls_alert_get_name(alrt)
+- );
+- break;
+-
+- case GNUTLS_E_FATAL_ALERT_RECEIVED:
+- alrt = gnutls_alert_get(conn_tls_session);
+- fprintf(
+- csync_debug_out,
+- "SSL: fatal alert received from peer: %d (%s).\n",
+- alrt, gnutls_alert_get_name(alrt)
+- );
+
+- default:
+- gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
+- gnutls_deinit(conn_tls_session);
+- gnutls_certificate_free_credentials(conn_x509_cred);
+- gnutls_global_deinit();
++ do {
++ handshake_repeat = 0;
++ err = gnutls_handshake(conn_tls_session);
++ switch(err) {
++ case GNUTLS_E_SUCCESS:
++ break;
+
+- csync_fatal(
+- "SSL: handshake failed: %s (%s)\n",
+- gnutls_strerror(err),
+- gnutls_strerror_name(err)
+- );
+- }
++ case GNUTLS_E_WARNING_ALERT_RECEIVED:
++ alrt = gnutls_alert_get(conn_tls_session);
++ fprintf(
++ csync_debug_out,
++ "SSL: warning alert received from peer: %d (%s).\n",
++ alrt, gnutls_alert_get_name(alrt)
++ );
++ handshake_repeat = 1;
++ break;
++
++ case GNUTLS_E_FATAL_ALERT_RECEIVED:
++ alrt = gnutls_alert_get(conn_tls_session);
++ fprintf(
++ csync_debug_out,
++ "SSL: fatal alert received from peer: %d (%s).\n",
++ alrt, gnutls_alert_get_name(alrt)
++ );
++ // fall-through!
++
++ default:
++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
++ gnutls_deinit(conn_tls_session);
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++
++ csync_fatal(
++ "SSL: handshake failed: %s (%s)\n",
++ gnutls_strerror(err),
++ gnutls_strerror_name(err)
++ );
++ }
++ } while (handshake_repeat);
+
+ csync_conn_usessl = 1;
+
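Review bot: The retry loop added in the inner hunk (L69–L113) repeats gnutls_handshake() only for GNUTLS_E_WARNING_ALERT_RECEIVED, so other non-fatal return codes such as GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED still land in `default:` and abort the connection through csync_fatal, although GnuTLS asks callers to re-invoke the handshake whenever gnutls_error_is_fatal(err) is zero. Whether those codes can surface here depends on the transport being blocking, which the patch does not show; adding `case GNUTLS_E_AGAIN: case GNUTLS_E_INTERRUPTED: handshake_repeat = 1; break;` ahead of `default:` would cover them either way. The loop also has no upper bound, so a peer that keeps answering with warning alerts keeps conn_activate_ssl in the loop indefinitely; a small retry counter that falls into the existing teardown-and-csync_fatal path on exhaustion would bound that. conn_activate_ssl starts and ends outside the quoted hunks.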