diff options
author | Dan Tran <dantran@microsoft.com> | 2019-10-08 18:20:02 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-10-13 09:02:09 -0700 |
commit | 54c6892543319c4b8f7248e95966e956053c97b7 (patch) | |
tree | d1b3ad84479243cfd6bf4ef8e05b1676acff79c9 /meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch | |
parent | 85da4ccfff2103815eb3cd9a0b0f1af122b05567 (diff) | |
download | openembedded-core-contrib-54c6892543319c4b8f7248e95966e956053c97b7.tar.gz |
gnutls: Fix CVE-2019-3829 and CVE-2019-3836
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch new file mode 100644 index 0000000000..4aeb689347 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch @@ -0,0 +1,35 @@ +From c68195f0ff65144d7e0c32f4de5f264c4012983a Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <dueno@redhat.com> +Date: Mon, 25 Mar 2019 16:06:39 +0100 +Subject: [PATCH] handshake: add missing initialization of local variable + +Resolves: #704 + +Signed-off-by: Daiki Ueno <dueno@redhat.com> +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> + +CVE: CVE-2019-3836 +Upstream-Status: Backport +[https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + lib/handshake-tls13.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c +index 06c7c01d2..82689b5d8 100644 +--- a/lib/handshake-tls13.c ++++ b/lib/handshake-tls13.c +@@ -534,6 +534,8 @@ _gnutls13_recv_async_handshake(gnutls_session_t session) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + + do { ++ _gnutls_handshake_buffer_init(&hsk); ++ + /* the received handshake message has already been pushed into + * handshake buffers. As we do not need to use the handshake hash + * buffers we call the lower level receive functions */ +-- +2.22.0.vfs.1.1.57.gbaf16c8 + |