1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
new file mode 100644
index 0000000000..e13917cddb
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
@@ -0,0 +1,65 @@
+From 75a937d97f4fefc6f9b08e3791f151445f551cb3 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:50 +0100
+Subject: [PATCH] pre_shared_key: avoid use-after-free around realloc
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+https://gitlab.com/gnutls/gnutls/-/commit/75a937d97f4fefc6f9b08e3791f151445f551cb3
+Upstream-Status: Backport 
+CVE: CVE-2021-CVE-2021-20232
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/ext/pre_shared_key.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
+index a042c6488e..380bf39ed5 100644
+--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
+@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session,
+        size_t spos;
+        gnutls_datum_t username = {NULL, 0};
+        gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0};
+-       gnutls_datum_t client_hello;
+       unsigned client_hello_len;
+        unsigned next_idx;
+        const mac_entry_st *prf_res = NULL;
+        const mac_entry_st *prf_psk = NULL;
+@@ -428,8 +428,7 @@ client_send_params(gnutls_session_t session,
+        assert(extdata->length >= sizeof(mbuffer_st));
+        assert(ext_offset >= (ssize_t)sizeof(mbuffer_st));
+        ext_offset -= sizeof(mbuffer_st);
+-       client_hello.data = extdata->data+sizeof(mbuffer_st);
+-       client_hello.size = extdata->length-sizeof(mbuffer_st);
+       client_hello_len = extdata->length-sizeof(mbuffer_st);
+ 
+        next_idx = 0;
+ 
+@@ -440,6 +439,11 @@ client_send_params(gnutls_session_t session,
+        }
+ 
+        if (prf_res && rkey.size > 0) {
+               gnutls_datum_t client_hello;
+
+               client_hello.data = extdata->data+sizeof(mbuffer_st);
+               client_hello.size = client_hello_len;
+
+                ret = compute_psk_binder(session, prf_res,
+                                         binders_len, binders_pos,
+                                         ext_offset, &rkey, &client_hello, 1,
+@@ -474,6 +478,11 @@ client_send_params(gnutls_session_t session,
+        }
+ 
+        if (prf_psk && user_key.size > 0 && info) {
+               gnutls_datum_t client_hello;
+
+               client_hello.data = extdata->data+sizeof(mbuffer_st);
+               client_hello.size = client_hello_len;
+
+                ret = compute_psk_binder(session, prf_psk,
+                                         binders_len, binders_pos,
+                                         ext_offset, &user_key, &client_hello, 0,
+-- 
+GitLab

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch new file mode 100644 index 0000000000..e13917cddb --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
@@ -0,0 +1,65 @@
	1	From 75a937d97f4fefc6f9b08e3791f151445f551cb3 Mon Sep 17 00:00:00 2001
	2	From: Daiki Ueno <ueno@gnu.org>
	3	Date: Fri, 29 Jan 2021 14:06:50 +0100
	4	Subject: [PATCH] pre_shared_key: avoid use-after-free around realloc
	5
	6	Signed-off-by: Daiki Ueno <ueno@gnu.org>
	7
	8	https://gitlab.com/gnutls/gnutls/-/commit/75a937d97f4fefc6f9b08e3791f151445f551cb3
	9	Upstream-Status: Backport
	10	CVE: CVE-2021-CVE-2021-20232
	11	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
	12	---
	13	lib/ext/pre_shared_key.c \| 15 ++++++++++++---
	14	1 file changed, 12 insertions(+), 3 deletions(-)
	15
	16	diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
	17	index a042c6488e..380bf39ed5 100644
	18	--- a/lib/ext/pre_shared_key.c
	19	+++ b/lib/ext/pre_shared_key.c
	20	@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session,
	21	size_t spos;
	22	gnutls_datum_t username = {NULL, 0};
	23	gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0};
	24	- gnutls_datum_t client_hello;
	25	+ unsigned client_hello_len;
	26	unsigned next_idx;
	27	const mac_entry_st *prf_res = NULL;
	28	const mac_entry_st *prf_psk = NULL;
	29	@@ -428,8 +428,7 @@ client_send_params(gnutls_session_t session,
	30	assert(extdata->length >= sizeof(mbuffer_st));
	31	assert(ext_offset >= (ssize_t)sizeof(mbuffer_st));
	32	ext_offset -= sizeof(mbuffer_st);
	33	- client_hello.data = extdata->data+sizeof(mbuffer_st);
	34	- client_hello.size = extdata->length-sizeof(mbuffer_st);
	35	+ client_hello_len = extdata->length-sizeof(mbuffer_st);
	36
	37	next_idx = 0;
	38
	39	@@ -440,6 +439,11 @@ client_send_params(gnutls_session_t session,
	40	}
	41
	42	if (prf_res && rkey.size > 0) {
	43	+ gnutls_datum_t client_hello;
	44	+
	45	+ client_hello.data = extdata->data+sizeof(mbuffer_st);
	46	+ client_hello.size = client_hello_len;
	47	+
	48	ret = compute_psk_binder(session, prf_res,
	49	binders_len, binders_pos,
	50	ext_offset, &rkey, &client_hello, 1,
	51	@@ -474,6 +478,11 @@ client_send_params(gnutls_session_t session,
	52	}
	53
	54	if (prf_psk && user_key.size > 0 && info) {
	55	+ gnutls_datum_t client_hello;
	56	+
	57	+ client_hello.data = extdata->data+sizeof(mbuffer_st);
	58	+ client_hello.size = client_hello_len;
	59	+
	60	ret = compute_psk_binder(session, prf_psk,
	61	binders_len, binders_pos,
	62	ext_offset, &user_key, &client_hello, 0,
	63	--
	64	GitLab
	65