
Contents of /updates/3/gnutls/current/SOURCES/gnutls-3.1.27-CVE-2014-8564.patch



Revision 796755 - (show annotations) (download)
Thu Nov 13 14:33:26 2014 UTC (4 years, 10 months ago) by luigiwalser
File size: 1612 byte(s)
add upstream patch to fix CVE-2014-8564
1 From 7429872b74c8216bbf15e241e47aba94369ef083 Mon Sep 17 00:00:00 2001
2 From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3 Date: Mon, 10 Nov 2014 07:50:18 +0100
4 Subject: [PATCH] when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
5
6 Reported by Sean Burford.
7 ---
8 lib/gnutls_ecc.c | 25 +++++++++++++++++++++++--
9 1 files changed, 23 insertions(+), 2 deletions(-)
10
11 diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
12 index 51abe7b..78d6b26 100644
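--- a/lib/gnutls_ecc.c
+++ b/lib/gnutls_ecc.c
@@ -53,20 +53,41 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
 
 /* pad and store x */
 byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
+ if (numlen < byte_size)
+ {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
 size = out->size - (1 + (numlen - byte_size));
 ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
 if (ret < 0)
- return gnutls_assert_val (ret);
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
 
 byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
+ if (numlen < byte_size)
+ {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
 size = out->size - (1 + (numlen + numlen - byte_size));
 ret =
 _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
 if (ret < 0)
- return gnutls_assert_val (ret);
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
 
 /* pad and store y */
 return 0;
+cleanup:
+ _gnutls_free_datum(out);
+ return ret;
 }
 
 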
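Review bot: The two new `numlen < byte_size` guards, before the x store and again before the y store, carry no comment explaining what they protect, even though they are the actual fix: when a coordinate is wider than the curve size, `numlen - byte_size` is no longer a valid offset into `out->data` and the following `_gnutls_mpi_print` call would write outside the buffer. I would add `/* a coordinate wider than numlen would place the write outside out->data */` above the first guard and a short back-reference above the second. The new `cleanup:` label also releases `out` on every failure path, so a comment such as `/* on error out is released; callers must not free it again */` would make the changed contract explicit; whether `_gnutls_free_datum` resets the datum fields cannot be confirmed from this hunk. The function begins before the hunk, so the declarations of `numlen` and `byte_size` are not visible, and it is worth confirming they share the same signedness so the comparison behaves as intended. The diffstat shows only `lib/gnutls_ecc.c` changed, so a regression test that exports a coordinate larger than the curve size and expects `GNUTLS_E_INVALID_REQUEST` would be a useful follow-up.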
59 --
60 1.7.1
61
