authorJussi Kukkonen <jussi.kukkonen@intel.com>2016-10-10 11:30:01 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-10-11 08:27:26 +0100
commitfbdeb3f3e79fc5df0eb1fe42687923a1dca4b61f (patch)
tree6cf0923ac5e9b24b5038892fa5113806ae6aba0e
parentb9d6a7cc234f44e44e5421191924b7463e9c0a9d (diff)
gnutls: Backport certificate check fix
Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (CVE-2016-7444). (From OE-Core rev: d7e97992befd3fa5c1c6616652a3aa723d08c531) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch35
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.5.3.bb1
2 files changed, 36 insertions, 0 deletions
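--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
@@ -0,0 +1,35 @@
+CVE: CVE-2016-7444
+Upstream-Status: Backport
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+
+Upstream commit follows:
+
+
+From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 27 Aug 2016 17:00:22 +0200
+Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
+
+Previously the OCSP certificate check wouldn't verify the serial length
+and could succeed in cases it shouldn't.
+
+Reported by Stefan Buehler.
+---
+ lib/x509/ocsp.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
+index 92db9b6..8181f2e 100644
+--- a/lib/x509/ocsp.c
++++ b/lib/x509/ocsp.c
+@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+ gnutls_assert();
+ goto cleanup;
+ }
++ cserial.size = t;
+
+ if (rserial.size != cserial.size
+ || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
+--
+libgit2 0.24.0
+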
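--- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
@@ -4,6 +4,7 @@ SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
 file://0001-configure.ac-fix-sed-command.patch \
 file://use-pkg-config-to-locate-zlib.patch \
 file://0001-Use-correct-include-dir-with-minitasn.patch \
+file://CVE-2016-7444.patch \
 "
 SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
 SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"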