summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch30
-rw-r--r--meta/recipes-support/gnutls/gnutls_2.12.23.bb1
2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
new file mode 100644
index 0000000000..dd118f599a
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
@@ -0,0 +1,30 @@
1From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001
2From: Valentin Popa <valentin.popa@intel.com>
3Date: Thu, 5 Jun 2014 11:50:11 +0300
4Subject: [PATCH] CVE-2014-3466
5
6Prevent memory corruption due to server hello parsing.
7
8Upstream-Status: Backport
9
10Signed-off-by: Valentin Popa <valentin.popa@intel.com>
11---
12 lib/gnutls_handshake.c | 2 +-
13 1 file changed, 1 insertion(+), 1 deletion(-)
14
15diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
16index e4a63e4..e652528 100644
17--- a/lib/gnutls_handshake.c
18+++ b/lib/gnutls_handshake.c
19@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
20 DECR_LEN (len, 1);
21 session_id_len = data[pos++];
22
23- if (len < session_id_len)
24+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
25 {
26 gnutls_assert ();
27 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
28--
291.9.1
30
diff --git a/meta/recipes-support/gnutls/gnutls_2.12.23.bb b/meta/recipes-support/gnutls/gnutls_2.12.23.bb
index 22182426ee..efe9e04ee1 100644
--- a/meta/recipes-support/gnutls/gnutls_2.12.23.bb
+++ b/meta/recipes-support/gnutls/gnutls_2.12.23.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://gnutls-openssl.patch \
8 file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \ 8 file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \
9 file://CVE-2014-1959-rejection-of-v1-intermediate-cert.patch \ 9 file://CVE-2014-1959-rejection-of-v1-intermediate-cert.patch \
10 file://CVE-2014-0092-corrected-return-codes.patch \ 10 file://CVE-2014-0092-corrected-return-codes.patch \
11 file://CVE-2014-3466.patch \
11 file://25_updatedgdocfrommaster.diff \ 12 file://25_updatedgdocfrommaster.diff \
12 ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \ 13 ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \
13 " 14 "