diff options
author | Karl Hiramoto <karl@hiramoto.org> | 2014-03-05 11:25:23 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-03-05 15:50:22 +0000 |
commit | 4988a8cda5e617579ac858232dd6749a11f6f28b (patch) | |
tree | d583470d60f5cfb5e2c38e77aa8f18057497755d /meta/recipes-support/gnutls/gnutls | |
parent | 4df2d018a14103040d4350f50e3d42192d3f395d (diff) | |
download | poky-4988a8cda5e617579ac858232dd6749a11f6f28b.tar.gz |
gnutls: CVE-2014-0092 correct return codes
This patch is for the OE-Core master branch - it comes from upstream:
git://gitorious.org/gnutls/gnutls.git
branch: gnutls_2_12_x
commit: 6aa26f78150ccbdf0aec1878a41c17c41d358a3b
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu Feb 27 19:42:26 2014 +0100
For more info see:
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
(From OE-Core rev: 61a507c545aead7e49da1e8ad54dec07a648fdb5)
Signed-off-by: Karl Hiramoto <karl@hiramoto.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch new file mode 100644 index 0000000000..68ee5bc426 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch | |||
@@ -0,0 +1,106 @@ | |||
1 | From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001 | ||
2 | From: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||
3 | Date: Thu, 27 Feb 2014 19:42:26 +0100 | ||
4 | Subject: [PATCH 1/3] corrected return codes | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | Signed-off-by: Karl Hiramoto <karl@hiramoto.org> | ||
9 | |||
10 | --- | ||
11 | lib/x509/verify.c | 16 ++++++++++------ | ||
12 | 1 file changed, 10 insertions(+), 6 deletions(-) | ||
13 | |||
14 | diff --git a/lib/x509/verify.c b/lib/x509/verify.c | ||
15 | index c9a6b0d..eef85a8 100644 | ||
16 | --- a/lib/x509/verify.c | ||
17 | +++ b/lib/x509/verify.c | ||
18 | @@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
19 | if (result < 0) | ||
20 | { | ||
21 | gnutls_assert (); | ||
22 | - goto cleanup; | ||
23 | + goto fail; | ||
24 | } | ||
25 | |||
26 | result = | ||
27 | @@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
28 | if (result < 0) | ||
29 | { | ||
30 | gnutls_assert (); | ||
31 | - goto cleanup; | ||
32 | + goto fail; | ||
33 | } | ||
34 | |||
35 | result = | ||
36 | @@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
37 | if (result < 0) | ||
38 | { | ||
39 | gnutls_assert (); | ||
40 | - goto cleanup; | ||
41 | + goto fail; | ||
42 | } | ||
43 | |||
44 | result = | ||
45 | @@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
46 | if (result < 0) | ||
47 | { | ||
48 | gnutls_assert (); | ||
49 | - goto cleanup; | ||
50 | + goto fail; | ||
51 | } | ||
52 | |||
53 | /* If the subject certificate is the same as the issuer | ||
54 | @@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
55 | else | ||
56 | gnutls_assert (); | ||
57 | |||
58 | +fail: | ||
59 | result = 0; | ||
60 | |||
61 | cleanup: | ||
62 | @@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
63 | gnutls_datum_t cert_signed_data = { NULL, 0 }; | ||
64 | gnutls_datum_t cert_signature = { NULL, 0 }; | ||
65 | gnutls_x509_crt_t issuer = NULL; | ||
66 | - int issuer_version, result; | ||
67 | + int issuer_version, result = 0; | ||
68 | |||
69 | if (output) | ||
70 | *output = 0; | ||
71 | @@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
72 | if (issuer_version < 0) | ||
73 | { | ||
74 | gnutls_assert (); | ||
75 | - return issuer_version; | ||
76 | + return 0; | ||
77 | } | ||
78 | |||
79 | if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && | ||
80 | @@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
81 | if (result < 0) | ||
82 | { | ||
83 | gnutls_assert (); | ||
84 | + result = 0; | ||
85 | goto cleanup; | ||
86 | } | ||
87 | |||
88 | @@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
89 | if (result < 0) | ||
90 | { | ||
91 | gnutls_assert (); | ||
92 | + result = 0; | ||
93 | goto cleanup; | ||
94 | } | ||
95 | |||
96 | @@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
97 | else if (result < 0) | ||
98 | { | ||
99 | gnutls_assert(); | ||
100 | + result = 0; | ||
101 | goto cleanup; | ||
102 | } | ||
103 | |||
104 | -- | ||
105 | 1.8.3.2 | ||
106 | |||