[Pkg-gnutls-commits] r1605 - in /packages/gnutls26/branches/branch2.12.20-1+wheezy/debian: changelog patches/30_strlen_on_null.diff patches/series
ametzler at users.alioth.debian.org
Tue Nov 13 17:59:06 UTC 2012
Author: ametzler
Date: Tue Nov 13 17:59:05 2012
New Revision: 1605
URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1605
Log:
Fix segfault caused by running strlen() on NULL. #647747
Added:
packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/30_strlen_on_null.diff
Modified:
packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog
packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series
Modified: packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.12.20-1%2Bwheezy/debian/changelog?rev=1605&op=diff
==============================================================================
--- packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog (original)
+++ packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog Tue Nov 13 17:59:05 2012
@@ -1,3 +1,10 @@
+gnutls26 (2.12.20-2) UNRELEASED; urgency=low
+
+ * 30_strlen_on_null.diff: Fix segfault caused by running strlen() on NULL.
+ Closes: #647747
+
+ -- Andreas Metzler <ametzler at debian.org> Mon, 12 Nov 2012 19:19:43 +0100
+
gnutls26 (2.12.20-1) unstable; urgency=low
* New upstream release.
Added: packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/30_strlen_on_null.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.12.20-1%2Bwheezy/debian/patches/30_strlen_on_null.diff?rev=1605&op=file
==============================================================================
--- packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/30_strlen_on_null.diff (added)
+++ packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/30_strlen_on_null.diff Tue Nov 13 17:59:05 2012
@@ -1,0 +1,50 @@
+Description: Prevent segfault on strlen(NULL)
+ already fixed in GnuTLS 3 at 95a922c2a8b75e6eddbcc688c0d719d0b07ee395
+Bug-Debian: http://bugs.debian.org/647747
+Last-Update: 2012-11-12
+
+--- gnutls26-2.12.20.orig/lib/x509/privkey_pkcs8.c
++++ gnutls26-2.12.20/lib/x509/privkey_pkcs8.c
+@@ -1577,8 +1577,12 @@ decrypt_data (schema_id schema, ASN1_TYP
+ cipher_hd_st ch;
+ int ch_init = 0;
+ int key_size;
++ unsigned int password_lenght=0;
+
+ data_size = 0;
++ if (password) {
++ password_lenght = strlen(password);
++ }
+ result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
+ if (result != ASN1_MEM_ERROR)
+ {
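Review bot: The new local in decrypt_data is spelled `password_lenght` and declared `unsigned int`, while `strlen()` returns `size_t`. Rename it to `password_length` and declare it `size_t` so the assignment does not narrow on 64-bit targets. The same applies to the identical declaration added to generate_key further down.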
+@@ -1625,7 +1629,7 @@ decrypt_data (schema_id schema, ASN1_TYP
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+- result = _gnutls_pbkdf2_sha1 (password, strlen (password),
++ result = _gnutls_pbkdf2_sha1 (password, password_lenght,
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count, key, key_size);
+
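Review bot: The PBES2_AES_* call in decrypt_data still passes `password` itself as the first argument, so a NULL password now reaches `_gnutls_pbkdf2_sha1` as a NULL pointer with length 0. Nothing in this hunk shows that the callee accepts a NULL buffer when the length is zero. Either substitute an empty string when `password` is NULL or return an error from decrypt_data before the KDF is called. Only the PBES2_AES_* case is visible here; any other branch of this switch that calls `strlen (password)` needs the same treatment.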
+@@ -1881,6 +1885,11 @@ generate_key (schema_id schema,
+ {
+ opaque rnd[2];
+ int ret;
++ unsigned int password_lenght=0;
++
++ if (password) {
++ password_lenght = strlen(password);
++ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
+ if (ret < 0)
+@@ -1955,7 +1964,7 @@ generate_key (schema_id schema,
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+- ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
++ ret = _gnutls_pbkdf2_sha1 (password, password_lenght,
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
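Review bot: In generate_key the guard makes a NULL password behave like a zero-length one, so `key->data` is derived from `kdf_params->salt` and `kdf_params->iter_count` alone and the call succeeds silently. For the key-generation path that is a weaker result than the crash it replaces; consider returning an error when `password` is NULL instead of defaulting the length to 0, and document the chosen behaviour in the patch Description. The NULL check is also duplicated verbatim from decrypt_data; a small shared helper would keep the two paths consistent.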
Modified: packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.12.20-1%2Bwheezy/debian/patches/series?rev=1605&op=diff
==============================================================================
--- packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series (original)
+++ packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series Tue Nov 13 17:59:05 2012
@@ -3,3 +3,4 @@
17_ignoretestsuitteerrors.diff
18_gpgerrorinpkgconfig.diff
20_tests-select.diff
+30_strlen_on_null.diff