[Pkg-gnutls-commits] r1777 - in /packages/gnutls26/trunk/debian: changelog patches/21_sanitycheck.diff patches/series

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Thu May 23 18:06:37 UTC 2013 

Author: ametzler
Date: Thu May 23 18:06:36 2013
New Revision: 1777

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1777
Log:
Fix out of bounds data access.

Added:
    packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff
Modified:
    packages/gnutls26/trunk/debian/changelog
    packages/gnutls26/trunk/debian/patches/series

Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=1777&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Thu May 23 18:06:36 2013
@@ -1,3 +1,10 @@
+gnutls26 (2.12.23-5) unstable; urgency=high
+
+  * [21_sanitycheck.diff] Fix out of bounds data access.
+    Closes: #709301
+
+ -- Andreas Metzler <ametzler at debian.org>  Thu, 23 May 2013 19:04:28 +0200
+
 gnutls26 (2.12.23-4) unstable; urgency=low
 
   * Build against libtasn1-3 again.

Added: packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff?rev=1777&op=file
==============================================================================
--- packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff (added)
+++ packages/gnutls26/trunk/debian/patches/21_sanitycheck.diff Thu May 23 18:06:36 2013
@@ -1,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH 3/3] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+           return GNUTLS_E_DECRYPTION_FAILED;
+         }
+       pad = ciphertext.data[ciphertext.size - 1];   /* pad */
++      if (pad+1 > ciphertext.size-hash_size)
++        pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ 
+       /* Check the pading bytes (TLS 1.x). 
+        * Note that we access all 256 bytes of ciphertext for padding check
+-- 
+1.7.10.4
+

Modified: packages/gnutls26/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/series?rev=1777&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/patches/series (original)
+++ packages/gnutls26/trunk/debian/patches/series Thu May 23 18:06:36 2013
@@ -3,3 +3,4 @@
 17_ignoretestsuitteerrors.diff
 18_gpgerrorinpkgconfig.diff
 20_tests-select.diff
+21_sanitycheck.diff

More information about the Pkg-gnutls-commits mailing list