diff options
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch')
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch new file mode 100644 index 0000000000..4aeb689347 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | From c68195f0ff65144d7e0c32f4de5f264c4012983a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daiki Ueno <dueno@redhat.com> | ||
| 3 | Date: Mon, 25 Mar 2019 16:06:39 +0100 | ||
| 4 | Subject: [PATCH] handshake: add missing initialization of local variable | ||
| 5 | |||
| 6 | Resolves: #704 | ||
| 7 | |||
| 8 | Signed-off-by: Daiki Ueno <dueno@redhat.com> | ||
| 9 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||
| 10 | |||
| 11 | CVE: CVE-2019-3836 | ||
| 12 | Upstream-Status: Backport | ||
| 13 | [https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226] | ||
| 14 | |||
| 15 | Signed-off-by: Dan Tran <dantran@microsoft.com> | ||
| 16 | --- | ||
| 17 | lib/handshake-tls13.c | 2 ++ | ||
| 18 | 1 file changed, 2 insertions(+) | ||
| 19 | |||
| 20 | diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c | ||
| 21 | index 06c7c01d2..82689b5d8 100644 | ||
| 22 | --- a/lib/handshake-tls13.c | ||
| 23 | +++ b/lib/handshake-tls13.c | ||
| 24 | @@ -534,6 +534,8 @@ _gnutls13_recv_async_handshake(gnutls_session_t session) | ||
| 25 | return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); | ||
| 26 | |||
| 27 | do { | ||
| 28 | + _gnutls_handshake_buffer_init(&hsk); | ||
| 29 | + | ||
| 30 | /* the received handshake message has already been pushed into | ||
| 31 | * handshake buffers. As we do not need to use the handshake hash | ||
| 32 | * buffers we call the lower level receive functions */ | ||
| 33 | -- | ||
| 34 | 2.22.0.vfs.1.1.57.gbaf16c8 | ||
| 35 | |||