gnutls: Backport certificate check fix

Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (CVE-2016-7444). (From OE-Core rev: d7e97992befd3fa5c1c6616652a3aa723d08c531) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jussi Kukkonen <jussi.kukkonen@intel.com> 2016-10-10 11:30:01 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-10-11 08:27:26 +0100
commit: fbdeb3f3e79fc5df0eb1fe42687923a1dca4b61f (patch)
tree: 6cf0923ac5e9b24b5038892fa5113806ae6aba0e /meta/recipes-support/gnutls
parent: b9d6a7cc234f44e44e5421191924b7463e9c0a9d (diff)
download: poky-fbdeb3f3e79fc5df0eb1fe42687923a1dca4b61f.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
new file mode 100644
index 0000000000..215be5a8ec
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
@@ -0,0 +1,35 @@
+CVE: CVE-2016-7444
+Upstream-Status: Backport
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Upstream commit follows:
+From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 27 Aug 2016 17:00:22 +0200
+Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
+Previously the OCSP certificate check wouldn't verify the serial length
+and could succeed in cases it shouldn't.
+Reported by Stefan Buehler.
+---
+ lib/x509/ocsp.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
+index 92db9b6..8181f2e 100644
+--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
+@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+                gnutls_assert();
+                goto cleanup;
+        }
+       cserial.size = t;
+ 
+        if (rserial.size != cserial.size
+            || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
+--
+libgit2 0.24.0
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
index 8317eb413a..b2dbb07124 100644
--- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
@@ -4,6 +4,7 @@ SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
            file://0001-configure.ac-fix-sed-command.patch \
            file://use-pkg-config-to-locate-zlib.patch \
            file://0001-Use-correct-include-dir-with-minitasn.patch \
+            file://CVE-2016-7444.patch \
           "
 SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
 SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
author	Jussi Kukkonen <jussi.kukkonen@intel.com>	2016-10-10 11:30:01 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-10-11 08:27:26 +0100
commit	fbdeb3f3e79fc5df0eb1fe42687923a1dca4b61f (patch)
tree	6cf0923ac5e9b24b5038892fa5113806ae6aba0e /meta/recipes-support/gnutls
parent	b9d6a7cc234f44e44e5421191924b7463e9c0a9d (diff)
download	poky-fbdeb3f3e79fc5df0eb1fe42687923a1dca4b61f.tar.gz

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch new file mode 100644 index 0000000000..215be5a8ec --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
@@ -0,0 +1,35 @@
		1	CVE: CVE-2016-7444
		2	Upstream-Status: Backport
		3	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
		4
		5	Upstream commit follows:
		6
		7
		8	From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
		9	From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
		10	Date: Sat, 27 Aug 2016 17:00:22 +0200
		11	Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
		12
		13	Previously the OCSP certificate check wouldn't verify the serial length
		14	and could succeed in cases it shouldn't.
		15
		16	Reported by Stefan Buehler.
		17	---
		18	lib/x509/ocsp.c \| 1 +
		19	1 file changed, 1 insertion(+), 0 deletions(-)
		20
		21	diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
		22	index 92db9b6..8181f2e 100644
		23	--- a/lib/x509/ocsp.c
		24	+++ b/lib/x509/ocsp.c
		25	@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
		26	gnutls_assert();
		27	goto cleanup;
		28	}
		29	+ cserial.size = t;
		30
		31	if (rserial.size != cserial.size
		32	\|\| memcmp(cserial.data, rserial.data, rserial.size) != 0) {
		33	--
		34	libgit2 0.24.0
		35


diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/meta/recipes-support/gnutls/gnutls_3.5.3.bb index 8317eb413a..b2dbb07124 100644 --- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb +++ b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
@@ -4,6 +4,7 @@ SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
4	file://0001-configure.ac-fix-sed-command.patch \	4	file://0001-configure.ac-fix-sed-command.patch \
5	file://use-pkg-config-to-locate-zlib.patch \	5	file://use-pkg-config-to-locate-zlib.patch \
6	file://0001-Use-correct-include-dir-with-minitasn.patch \	6	file://0001-Use-correct-include-dir-with-minitasn.patch \
		7	file://CVE-2016-7444.patch \
7	"	8	"
8	SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"	9	SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
9	SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"	10	SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"