aboutsummaryrefslogtreecommitdiffstats
path: root/main/gnutls/CVE-2011-4128.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/gnutls/CVE-2011-4128.patch')
-rw-r--r--main/gnutls/CVE-2011-4128.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/main/gnutls/CVE-2011-4128.patch b/main/gnutls/CVE-2011-4128.patch
new file mode 100644
index 0000000000..2e9c5f88a9
--- /dev/null
+++ b/main/gnutls/CVE-2011-4128.patch
@@ -0,0 +1,24 @@
+Description: Check buffer size passed in from caller prior to overwriting it
+Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
+Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450
+
+Index: gnutls26-2.10.5/lib/gnutls_session.c
+===================================================================
+--- gnutls26-2.10.5.orig/lib/gnutls_session.c 2010-08-01 15:37:30.000000000 -0500
++++ gnutls26-2.10.5/lib/gnutls_session.c 2012-04-04 03:25:20.382796666 -0500
+@@ -65,13 +65,14 @@
+ gnutls_assert ();
+ return ret;
+ }
+- *session_data_size = psession.size;
+
+ if (psession.size > *session_data_size)
+ {
++ *session_data_size = psession.size;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto error;
+ }
++ *session_data_size = psession.size;
+
+ if (session_data != NULL)
+ memcpy (session_data, psession.data, psession.size);