diff options
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch new file mode 100644 index 0000000000..4aeb689347 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From c68195f0ff65144d7e0c32f4de5f264c4012983a Mon Sep 17 00:00:00 2001 | ||
2 | From: Daiki Ueno <dueno@redhat.com> | ||
3 | Date: Mon, 25 Mar 2019 16:06:39 +0100 | ||
4 | Subject: [PATCH] handshake: add missing initialization of local variable | ||
5 | |||
6 | Resolves: #704 | ||
7 | |||
8 | Signed-off-by: Daiki Ueno <dueno@redhat.com> | ||
9 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||
10 | |||
11 | CVE: CVE-2019-3836 | ||
12 | Upstream-Status: Backport | ||
13 | [https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226] | ||
14 | |||
15 | Signed-off-by: Dan Tran <dantran@microsoft.com> | ||
16 | --- | ||
17 | lib/handshake-tls13.c | 2 ++ | ||
18 | 1 file changed, 2 insertions(+) | ||
19 | |||
20 | diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c | ||
21 | index 06c7c01d2..82689b5d8 100644 | ||
22 | --- a/lib/handshake-tls13.c | ||
23 | +++ b/lib/handshake-tls13.c | ||
24 | @@ -534,6 +534,8 @@ _gnutls13_recv_async_handshake(gnutls_session_t session) | ||
25 | return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); | ||
26 | |||
27 | do { | ||
28 | + _gnutls_handshake_buffer_init(&hsk); | ||
29 | + | ||
30 | /* the received handshake message has already been pushed into | ||
31 | * handshake buffers. As we do not need to use the handshake hash | ||
32 | * buffers we call the lower level receive functions */ | ||
33 | -- | ||
34 | 2.22.0.vfs.1.1.57.gbaf16c8 | ||
35 | |||