[Pkg-gnutls-commits] r1610 - in /packages/gnutls26/trunk/debian: changelog patches/30_strlen_on_null.diff patches/series
ametzler at users.alioth.debian.org
Sun Nov 18 13:42:49 UTC 2012
Author: ametzler
Date: Sun Nov 18 13:42:48 2012
New Revision: 1610
URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1610
Log:
30_strlen_on_null.diff: Pulled from upstream git. Fix segfault caused
by running strlen() on NULL. Closes: #647747
Added:
packages/gnutls26/trunk/debian/patches/30_strlen_on_null.diff
Modified:
packages/gnutls26/trunk/debian/changelog
packages/gnutls26/trunk/debian/patches/series
Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=1610&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Sun Nov 18 13:42:48 2012
@@ -1,6 +1,8 @@
gnutls26 (2.12.21-4) UNRELEASED; urgency=low
* NOT RELEASED YET
+ * 30_strlen_on_null.diff: Pulled from upstream git. Fix segfault caused
+ by running strlen() on NULL. Closes: #647747
-- Andreas Metzler <ametzler at debian.org> Sun, 11 Nov 2012 10:00:58 +0100
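Review bot: The new changelog entry says "Pulled from upstream git" without naming the commit. The patch header carries fcc063e196a97acdbbc94c5fd2d9603d21fc9c1f and its subject is marked [PATCH 1/4], so the entry should record that commit id and say whether the remaining three patches of the upstream series are deliberately left out for #647747.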
Added: packages/gnutls26/trunk/debian/patches/30_strlen_on_null.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/30_strlen_on_null.diff?rev=1610&op=file
==============================================================================
--- packages/gnutls26/trunk/debian/patches/30_strlen_on_null.diff (added)
+++ packages/gnutls26/trunk/debian/patches/30_strlen_on_null.diff Sun Nov 18 13:42:48 2012
@@ -1,0 +1,60 @@
+From fcc063e196a97acdbbc94c5fd2d9603d21fc9c1f Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Sat, 25 Aug 2012 15:37:17 +0200
+Subject: [PATCH 1/4] Prevent the usage of strlen() on null values.
+
+---
+ lib/x509/privkey_pkcs8.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
+index 32a6f8e..8684422 100644
+--- a/lib/x509/privkey_pkcs8.c
++++ b/lib/x509/privkey_pkcs8.c
+@@ -1577,6 +1577,10 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
+ cipher_hd_st ch;
+ int ch_init = 0;
+ int key_size;
++ unsigned int pass_len = 0;
++
++ if (password)
++ pass_len = strlen(password);
+
+ data_size = 0;
+ result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
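Review bot: pass_len in the declarations of decrypt_data is an unsigned int, but it is assigned from strlen(), which returns size_t, so the value is narrowed implicitly on 64-bit targets. Declaring it as size_t, or casting explicitly if the length parameter of _gnutls_pbkdf2_sha1 is narrower, would make the conversion visible and keep compiler conversion warnings quiet.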
+@@ -1625,7 +1629,7 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+- result = _gnutls_pbkdf2_sha1 (password, strlen (password),
++ result = _gnutls_pbkdf2_sha1 (password, pass_len,
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count, key, key_size);
+
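Review bot: In the PBES2_AES_* case of decrypt_data a NULL password is still passed to _gnutls_pbkdf2_sha1 as the pointer argument, now with a length of 0. Please confirm the callee never reads or copies from that pointer when the length is 0, and add a comment stating that a NULL password is treated as an empty one, since decryption with a missing password now proceeds instead of crashing.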
+@@ -1879,9 +1883,13 @@ generate_key (schema_id schema,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+ {
+- opaque rnd[2];
++ unsigned char rnd[2];
++ unsigned int pass_len = 0;
+ int ret;
+
++ if (password)
++ pass_len = strlen(password);
++
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
+ if (ret < 0)
+ {
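Review bot: The switch of rnd from opaque to unsigned char in generate_key is unrelated to the strlen() fix named in the subject and is not mentioned in the commit message; note it there or split it out so the backport carries only the NULL check. The if (password) guard is also a second copy of the one added to decrypt_data, and a small static helper returning the length would keep the two sites from drifting apart.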
+@@ -1955,7 +1963,7 @@ generate_key (schema_id schema,
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+- ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
++ ret = _gnutls_pbkdf2_sha1 (password, pass_len,
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
+--
+1.7.10.4
+
Modified: packages/gnutls26/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/series?rev=1610&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/patches/series (original)
+++ packages/gnutls26/trunk/debian/patches/series Sun Nov 18 13:42:48 2012
@@ -3,3 +3,4 @@
17_ignoretestsuitteerrors.diff
18_gpgerrorinpkgconfig.diff
20_tests-select.diff
+30_strlen_on_null.diff