← Back to branch summary

~ubuntu-branches/ubuntu/natty/gnutls26/natty-security

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2011-4128.patch

  • Committer: Package Import Robot
  • Author(s): Tyler Hicks
  • Date: 2012-04-04 11:13:02 UTC
  • mfrom: (12.4.1 experimental)
  • Revision ID: package-import@ubuntu.com-20120404111302-ysnhg3jn5zd7y0m0
Tags: 2.8.6-1ubuntu2.1
* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
    patch.
  - CVE-2012-1573

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2011-4128.patch
 
1
Description: Check buffer size passed in from caller prior to overwriting it
 
2
Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
 
3
Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450
 
4
 
 
5
Index: gnutls26-2.8.6/lib/gnutls_session.c
 
6
===================================================================
 
7
--- gnutls26-2.8.6.orig/lib/gnutls_session.c    2009-06-02 13:59:32.000000000 -0500
 
8
+++ gnutls26-2.8.6/lib/gnutls_session.c 2012-04-04 04:18:39.754872700 -0500
 
9
@@ -64,13 +64,14 @@
 
10
       gnutls_assert ();
 
11
       return ret;
 
12
     }
 
13
-  *session_data_size = psession.size;
 
14
 
 
15
   if (psession.size > *session_data_size)
 
16
     {
 
17
+      *session_data_size = psession.size;
 
18
       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
 
19
       goto error;
 
20
     }
 
21
+  *session_data_size = psession.size;
 
22
 
 
23
   if (session_data != NULL)
 
24
     memcpy (session_data, psession.data, psession.size);