From cc1d3f0edb1a8d2bdd24aa34c654c2135e0854fe Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Thu, 7 Jan 2016 14:38:09 +0100 Subject: gnutls: CVE-2015-6251 Fixes double free flaw in certificate DN decoding. References: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251 Upstream fix: https://gitlab.com/gnutls/gnutls/commit/ 272854367efc130fbd4f1a51840d80c630214e12 Signed-off-by: Sona Sarmadi Signed-off-by: Tudor Florea --- .../gnutls/gnutls/CVE-2015-6251.patch | 27 ++++++++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.3.5.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch (limited to 'meta')
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch
new file mode 100644
index 0000000000..5a29a9671e
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch
@@ -0,0 +1,27 @@
+From 272854367efc130fbd4f1a51840d80c630214e12 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Mon, 20 Jul 2015 21:49:28 +0200
+Subject: [PATCH] Reset the output value on error in _gnutls_x509_dn_to_string()
+
+Fixes CVE-2015-6251.
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi
+---
+ lib/x509/common.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/common.c b/lib/x509/common.c
+index 94b6bbc..9a4b96f 100644
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -469,6 +469,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value,
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(str->data);
++ str->data = NULL;
+ return ret;
+ }
+ str->size = size;
+--
+libgit2 0.23.4
diff --git a/meta/recipes-support/gnutls/gnutls_3.3.5.bb b/meta/recipes-support/gnutls/gnutls_3.3.5.bb
index 9f26470f41..ce1da890f6 100644
--- a/meta/recipes-support/gnutls/gnutls_3.3.5.bb
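Review bot: The header of the added CVE-2015-6251.patch says only `Upstream-Status: Backport`, so the link to the upstream fix exists in the outer commit message but not in the file that stays in the tree; I would make it `Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12]` and add a `CVE: CVE-2015-6251` line so the patch can be matched to the advisory on its own. On the embedded fix, `str->data = NULL;` is added to the one error return shown, and `str->size` is assigned only after that block, so on failure the size field appears to keep whatever value it held before the call (inferred from the visible context lines). The body of `_gnutls_x509_dn_to_string()` starts and ends outside the hunk, so it is worth confirming against the 3.3.5 source that no other error return frees `str->data` without clearing it.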
+++ b/meta/recipes-support/gnutls/gnutls_3.3.5.bb @@ -3,6 +3,7 @@ require gnutls.inc SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ file://eliminated-double-free-CVE-2015-3308.patch \ file://better-fix-for-double-free-CVE-2015-3308.patch \ + file://CVE-2015-6251.patch \ " SRC_URI[md5sum] = "1f396dcf3c14ea67de7243821006d1a2" -- cgit v1.2.3-54-g00ecf