1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
new file mode 100644
index 0000000000..0989ef6a21
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
@@ -0,0 +1,44 @@
+From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Apr 2015 14:56:27 +0200
+Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
+Fixes CVE-2015-3622.
+Upstream-Status: Backport
+Reported by Hanno Böck.
+---
+ lib/decoding.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 7fbd931..42ddc6b 100644
+--- a/lib/decoding.c
+++ b/lib/decoding.c
+@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+     return ASN1_DER_ERROR;
+ 
+   counter = len3 + 1;
+  DECR_LEN(der_len, len3);
+ 
+   if (len2 == -1)
+     counter_end = der_len - 2;
+@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+ 
+   while (counter < counter_end)
+     {
+      DECR_LEN(der_len, 1);
+       len2 = asn1_get_length_der (der + counter, der_len, &len3);
+ 
+       if (IS_ERR(len2, flags))
+@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+          len2 = 0;
+        }
+ 
+-      DECR_LEN(der_len, 1);
+       counter += len2 + len3 + 1;
+     }
+ 
+-- 
+1.7.2.5

diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch new file mode 100644 index 0000000000..0989ef6a21 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
@@ -0,0 +1,44 @@
	1	From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
	2	From: Nikos Mavrogiannopoulos <nmav@redhat.com>
	3	Date: Mon, 20 Apr 2015 14:56:27 +0200
	4	Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
	5
	6	Fixes CVE-2015-3622.
	7	Upstream-Status: Backport
	8
	9	Reported by Hanno Böck.
	10	---
	11	lib/decoding.c \| 3 ++-
	12	1 files changed, 2 insertions(+), 1 deletions(-)
	13
	14	diff --git a/lib/decoding.c b/lib/decoding.c
	15	index 7fbd931..42ddc6b 100644
	16	--- a/lib/decoding.c
	17	+++ b/lib/decoding.c
	18	@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
	19	return ASN1_DER_ERROR;
	20
	21	counter = len3 + 1;
	22	+ DECR_LEN(der_len, len3);
	23
	24	if (len2 == -1)
	25	counter_end = der_len - 2;
	26	@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
	27
	28	while (counter < counter_end)
	29	{
	30	+ DECR_LEN(der_len, 1);
	31	len2 = asn1_get_length_der (der + counter, der_len, &len3);
	32
	33	if (IS_ERR(len2, flags))
	34	@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
	35	len2 = 0;
	36	}
	37
	38	- DECR_LEN(der_len, 1);
	39	counter += len2 + len3 + 1;
	40	}
	41
	42	--
	43	1.7.2.5
	44