diff options
| author |   Chee Yang Lee <chee.yang.lee@intel.com> | 2022-09-13 11:47:38 +0800 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2022-09-13 05:35:33 -1000 |
| commit | d08031bffafbd2df7e938d5599af9e818bddba04 (patch) | |
| tree | 755abe3668685ceba7269c20d6b7c41d6fa0411c | |
| parent | 380b6fb2583f875aad0cb28c91b1531e63eb2eeb (diff) | |
| download | openembedded-core-contrib-d08031bffafbd2df7e938d5599af9e818bddba04.tar.gz | |
gnutls: fix CVE-2021-4209
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch | 37 | ||||
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.6.14.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch new file mode 100644 index 0000000000..0bcb55e573 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch @@ -0,0 +1,37 @@ +From 3db352734472d851318944db13be73da61300568 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <ueno@gnu.org> +Date: Wed, 22 Dec 2021 09:12:25 +0100 +Subject: [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length + input + +As Nettle's hash update functions internally call memcpy, providing +zero-length input may cause undefined behavior. + +Signed-off-by: Daiki Ueno <ueno@gnu.org> + +https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 +Upstream-Status: Backport +CVE: CVE-2021-4209 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + lib/nettle/mac.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c +index f9d4d7a8df..35e070fab0 100644 +--- a/lib/nettle/mac.c ++++ b/lib/nettle/mac.c +@@ -788,7 +788,9 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo, + if (ret < 0) + return gnutls_assert_val(ret); + +- ctx.update(&ctx, text_size, text); ++ if (text_size > 0) { ++ ctx.update(&ctx, text_size, text); ++ } + ctx.digest(&ctx, ctx.length, digest); + + return 0; +-- +GitLab + diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/meta/recipes-support/gnutls/gnutls_3.6.14.bb index e9af71c7bd..f1757871ce 100644 --- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb +++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb @@ -26,6 +26,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://CVE-2021-20231.patch \ file://CVE-2021-20232.patch \ file://CVE-2022-2509.patch \ + file://CVE-2021-4209.patch \ " SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63" |