diff options
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch new file mode 100644 index 0000000000..215be5a8ec --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | CVE: CVE-2016-7444 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
4 | |||
5 | Upstream commit follows: | ||
6 | |||
7 | |||
8 | From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001 | ||
9 | From: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||
10 | Date: Sat, 27 Aug 2016 17:00:22 +0200 | ||
11 | Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response | ||
12 | |||
13 | Previously the OCSP certificate check wouldn't verify the serial length | ||
14 | and could succeed in cases it shouldn't. | ||
15 | |||
16 | Reported by Stefan Buehler. | ||
17 | --- | ||
18 | lib/x509/ocsp.c | 1 + | ||
19 | 1 file changed, 1 insertion(+), 0 deletions(-) | ||
20 | |||
21 | diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c | ||
22 | index 92db9b6..8181f2e 100644 | ||
23 | --- a/lib/x509/ocsp.c | ||
24 | +++ b/lib/x509/ocsp.c | ||
25 | @@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, | ||
26 | gnutls_assert(); | ||
27 | goto cleanup; | ||
28 | } | ||
29 | + cserial.size = t; | ||
30 | |||
31 | if (rserial.size != cserial.size | ||
32 | || memcmp(cserial.data, rserial.data, rserial.size) != 0) { | ||
33 | -- | ||
34 | libgit2 0.24.0 | ||
35 | |||