[Pkg-gnutls-commits] r1777 - in /packages/gnutls26/trunk/debian: changelog patches/21_sanitycheck.diff patches/series
ametzler at users.alioth.debian.org
Thu May 23 18:06:37 UTC 2013
Author: ametzler
Date: Thu May 23 18:06:36 2013
New Revision: 1777
URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1777
Log:
Fix out of bounds data access.
Added:
packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff
Modified:
packages/gnutls26/trunk/debian/changelog
packages/gnutls26/trunk/debian/patches/series
Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=1777&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Thu May 23 18:06:36 2013
@@ -1,3 +1,10 @@
+gnutls26 (2.12.23-5) unstable; urgency=high
+
+ * [21_sanitycheck.diff] Fix out of bounds data access.
+ Closes: #709301
+
+ -- Andreas Metzler <ametzler at debian.org> Thu, 23 May 2013 19:04:28 +0200
+
gnutls26 (2.12.23-4) unstable; urgency=low
* Build against libtasn1-3 again.
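Review bot: The entry on the "+ * [21_sanitycheck.diff] Fix out of bounds data access." line does not say where the access happens, which is thin for an urgency=high upload. Consider naming the affected code (the padding check in _gnutls_ciphertext2compressed, lib/gnutls_cipher.c) and the upstream commit carried by the patch (5164d5a1d57cd0372a5dd074382ca960ca18b27d), so that anyone triaging #709301 can match the upload to the upstream fix without opening the patch file.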
Added: packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff?rev=1777&op=file
==============================================================================
--- packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff (added)
+++ packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff Thu May 23 18:06:36 2013
@@ -1,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH 3/3] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ pad = ciphertext.data[ciphertext.size - 1]; /* pad */
++ if (pad+1 > ciphertext.size-hash_size)
++ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+--
+1.7.10.4
+
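Review bot: The added test "if (pad+1 > ciphertext.size-hash_size)" is only sound when ciphertext.size >= hash_size. If those operands are unsigned and ciphertext.size is the smaller one, the subtraction wraps to a large value and the check never fires. The context shows an earlier "return GNUTLS_E_DECRYPTION_FAILED;" but not its condition, so confirm that it guarantees this bound, or write the test without a subtraction, as pad + 1 + hash_size > ciphertext.size. Note also that only pad_failed is set and pad keeps its out-of-range value, so any later use of pad (the padding check described in the following comment, and whatever length is derived from it) needs to stay inside ciphertext.data when the flag is set. Separately, the patch header carries no reference to #709301; adding one would tie the file to the changelog entry.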
Modified: packages/gnutls26/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/series?rev=1777&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/patches/series (original)
+++ packages/gnutls26/trunk/debian/patches/series Thu May 23 18:06:36 2013
@@ -3,3 +3,4 @@
17_ignoretestsuitteerrors.diff
18_gpgerrorinpkgconfig.diff
20_tests-select.diff
+21_sanitycheck.diff