diff options
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch new file mode 100644 index 0000000000..dd118f599a --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch @@ -0,0 +1,30 @@ +From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001 +From: Valentin Popa <valentin.popa@intel.com> +Date: Thu, 5 Jun 2014 11:50:11 +0300 +Subject: [PATCH] CVE-2014-3466 + +Prevent memory corruption due to server hello parsing. + +Upstream-Status: Backport + +Signed-off-by: Valentin Popa <valentin.popa@intel.com> +--- + lib/gnutls_handshake.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c +index e4a63e4..e652528 100644 +--- a/lib/gnutls_handshake.c ++++ b/lib/gnutls_handshake.c +@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session, + DECR_LEN (len, 1); + session_id_len = data[pos++]; + +- if (len < session_id_len) ++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; +-- +1.9.1 + |