diff options
author | Valentin Popa <valentin.popa@intel.com> | 2014-06-05 16:08:30 +0300 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-06 20:19:40 +0200 |
commit | 88d894a438adb9f0ef60f578a190bff9f508adac (patch) | |
tree | 1f5ca121036c00a1a2b4539943b44a33ca2032e4 /meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch | |
parent | 57bdd0dd6d047d7fe163f6c5634085e01be0a415 (diff) | |
download | poky-88d894a438adb9f0ef60f578a190bff9f508adac.tar.gz |
gnutls: patch for CVE-2014-3466 backported
Backported patch for CVE-2014-3466.
This patch is for daisy.
(From OE-Core rev: ca2773b19db4881abe5244c373d94ff05cd2684f)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch new file mode 100644 index 0000000000..dd118f599a --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001 | ||
2 | From: Valentin Popa <valentin.popa@intel.com> | ||
3 | Date: Thu, 5 Jun 2014 11:50:11 +0300 | ||
4 | Subject: [PATCH] CVE-2014-3466 | ||
5 | |||
6 | Prevent memory corruption due to server hello parsing. | ||
7 | |||
8 | Upstream-Status: Backport | ||
9 | |||
10 | Signed-off-by: Valentin Popa <valentin.popa@intel.com> | ||
11 | --- | ||
12 | lib/gnutls_handshake.c | 2 +- | ||
13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c | ||
16 | index e4a63e4..e652528 100644 | ||
17 | --- a/lib/gnutls_handshake.c | ||
18 | +++ b/lib/gnutls_handshake.c | ||
19 | @@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session, | ||
20 | DECR_LEN (len, 1); | ||
21 | session_id_len = data[pos++]; | ||
22 | |||
23 | - if (len < session_id_len) | ||
24 | + if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) | ||
25 | { | ||
26 | gnutls_assert (); | ||
27 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | ||
28 | -- | ||
29 | 1.9.1 | ||
30 | |||