gnutls: patch for CVE-2014-3466 backported

Backported patch for CVE-2014-3466. This patch is for daisy. (From OE-Core rev: ca2773b19db4881abe5244c373d94ff05cd2684f) Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
author: Valentin Popa <valentin.popa@intel.com> 2014-06-05 16:08:30 +0300
committer: Tudor Florea <tudor.florea@enea.com> 2015-07-06 20:19:40 +0200
commit: 88d894a438adb9f0ef60f578a190bff9f508adac (patch)
tree: 1f5ca121036c00a1a2b4539943b44a33ca2032e4
parent: 57bdd0dd6d047d7fe163f6c5634085e01be0a415 (diff)
download: poky-88d894a438adb9f0ef60f578a190bff9f508adac.tar.gz
2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
new file mode 100644
index 0000000000..dd118f599a
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
@@ -0,0 +1,30 @@
+From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001
+From: Valentin Popa <valentin.popa@intel.com>
+Date: Thu, 5 Jun 2014 11:50:11 +0300
+Subject: [PATCH] CVE-2014-3466
+Prevent memory corruption due to server hello parsing.
+Upstream-Status: Backport
+Signed-off-by: Valentin Popa <valentin.popa@intel.com>
+---
+ lib/gnutls_handshake.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
+index e4a63e4..e652528 100644
+--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
+@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
+   DECR_LEN (len, 1);
+   session_id_len = data[pos++];
+ 
+-  if (len < session_id_len)
+  if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
+     {
+       gnutls_assert ();
+       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+-- 
+1.9.1
diff --git a/meta/recipes-support/gnutls/gnutls_2.12.23.bb b/meta/recipes-support/gnutls/gnutls_2.12.23.bb
index 22182426ee..efe9e04ee1 100644
--- a/meta/recipes-support/gnutls/gnutls_2.12.23.bb
+++ b/meta/recipes-support/gnutls/gnutls_2.12.23.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://gnutls-openssl.patch \
            file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \
            file://CVE-2014-1959-rejection-of-v1-intermediate-cert.patch \
            file://CVE-2014-0092-corrected-return-codes.patch \
+            file://CVE-2014-3466.patch \
            file://25_updatedgdocfrommaster.diff \
            ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \
           "
author	Valentin Popa <valentin.popa@intel.com>	2014-06-05 16:08:30 +0300
committer	Tudor Florea <tudor.florea@enea.com>	2015-07-06 20:19:40 +0200
commit	88d894a438adb9f0ef60f578a190bff9f508adac (patch)
tree	1f5ca121036c00a1a2b4539943b44a33ca2032e4
parent	57bdd0dd6d047d7fe163f6c5634085e01be0a415 (diff)
download	poky-88d894a438adb9f0ef60f578a190bff9f508adac.tar.gz

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch new file mode 100644 index 0000000000..dd118f599a --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
@@ -0,0 +1,30 @@
		1	From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001
		2	From: Valentin Popa <valentin.popa@intel.com>
		3	Date: Thu, 5 Jun 2014 11:50:11 +0300
		4	Subject: [PATCH] CVE-2014-3466
		5
		6	Prevent memory corruption due to server hello parsing.
		7
		8	Upstream-Status: Backport
		9
		10	Signed-off-by: Valentin Popa <valentin.popa@intel.com>
		11	---
		12	lib/gnutls_handshake.c \| 2 +-
		13	1 file changed, 1 insertion(+), 1 deletion(-)
		14
		15	diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
		16	index e4a63e4..e652528 100644
		17	--- a/lib/gnutls_handshake.c
		18	+++ b/lib/gnutls_handshake.c
		19	@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
		20	DECR_LEN (len, 1);
		21	session_id_len = data[pos++];
		22
		23	- if (len < session_id_len)
		24	+ if (len < session_id_len \|\| session_id_len > TLS_MAX_SESSION_ID_SIZE)
		25	{
		26	gnutls_assert ();
		27	return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
		28	--
		29	1.9.1
		30


diff --git a/meta/recipes-support/gnutls/gnutls_2.12.23.bb b/meta/recipes-support/gnutls/gnutls_2.12.23.bb index 22182426ee..efe9e04ee1 100644 --- a/meta/recipes-support/gnutls/gnutls_2.12.23.bb +++ b/meta/recipes-support/gnutls/gnutls_2.12.23.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://gnutls-openssl.patch \
8	file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \	8	file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \
9	file://CVE-2014-1959-rejection-of-v1-intermediate-cert.patch \	9	file://CVE-2014-1959-rejection-of-v1-intermediate-cert.patch \
10	file://CVE-2014-0092-corrected-return-codes.patch \	10	file://CVE-2014-0092-corrected-return-codes.patch \
		11	file://CVE-2014-3466.patch \
11	file://25_updatedgdocfrommaster.diff \	12	file://25_updatedgdocfrommaster.diff \
12	${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \	13	${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \
13	"	14	"