From ab318acf535fe20c52bdde2e7f3fc17b1dc22dbd Mon Sep 17 00:00:00 2001 From: Dan Tran Date: Tue, 8 Oct 2019 18:20:02 +0000 Subject: gnutls: Fix CVE-2019-3829 and CVE-2019-3836 (From OE-Core rev: 54c6892543319c4b8f7248e95966e956053c97b7) Signed-off-by: Dan Tran Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- .../gnutls/gnutls/CVE-2019-3829_p3.patch | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch') diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch new file mode 100644 index 0000000000..d27ea4a918 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch @@ -0,0 +1,36 @@ +From bf616850cf20af2bec3d68b82e6ac610ee8fc404 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Tue, 12 Feb 2019 15:20:23 +0100 +Subject: [PATCH 3/3] gnutls_x509_crt_init: Fix dereference of NULL pointer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Tim Rühsen + +CVE: CVE-2019-3829 +Upstream-Status: Backport +[https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6] + +Signed-off-by: Dan Tran +--- + lib/x509/x509.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/x509/x509.c b/lib/x509/x509.c +index c149881f6..cc232ea50 100644 +--- a/lib/x509/x509.c ++++ b/lib/x509/x509.c +@@ -224,8 +224,8 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert) + if (result < 0) { + gnutls_assert(); + asn1_delete_structure(&tmp->cert); +- gnutls_free(tmp); + gnutls_subject_alt_names_deinit(tmp->san); ++ gnutls_free(tmp); + return result; + } + +-- +2.22.0.vfs.1.1.57.gbaf16c8 + -- cgit v1.2.3-54-g00ecf