diff options
Diffstat (limited to 'net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch')
-rw-r--r-- | net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch new file mode 100644 index 000000000000..2223e708a609 --- /dev/null +++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-2116.patch @@ -0,0 +1,25 @@ +From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Thu, 23 May 2013 09:54:37 +0200 +Subject: [PATCH] re-applied sanity check patch + +--- + lib/gnutls_cipher.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c +index 2835121..71f5a98 100644 +--- a/lib/gnutls_cipher.c ++++ b/lib/gnutls_cipher.c +@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, + return GNUTLS_E_DECRYPTION_FAILED; + } + pad = ciphertext.data[ciphertext.size - 1]; /* pad */ ++ if (pad+1 > ciphertext.size-hash_size) ++ pad_failed = GNUTLS_E_DECRYPTION_FAILED; + + /* Check the pading bytes (TLS 1.x). + * Note that we access all 256 bytes of ciphertext for padding check +-- +1.7.1 + |