aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch')
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
new file mode 100644
index 0000000000..dd118f599a
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch
@@ -0,0 +1,30 @@
+From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001
+From: Valentin Popa <valentin.popa@intel.com>
+Date: Thu, 5 Jun 2014 11:50:11 +0300
+Subject: [PATCH] CVE-2014-3466
+
+Prevent memory corruption due to server hello parsing.
+
+Upstream-Status: Backport
+
+Signed-off-by: Valentin Popa <valentin.popa@intel.com>
+---
+ lib/gnutls_handshake.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
+index e4a63e4..e652528 100644
+--- a/lib/gnutls_handshake.c
++++ b/lib/gnutls_handshake.c
+@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
+ DECR_LEN (len, 1);
+ session_id_len = data[pos++];
+
+- if (len < session_id_len)
++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+--
+1.9.1
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-26 17:19:01 +0000