diff options
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch')
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch deleted file mode 100644 index 215be5a8ec..0000000000 --- a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch +++ /dev/null @@ -1,35 +0,0 @@ -CVE: CVE-2016-7444 -Upstream-Status: Backport -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - -Upstream commit follows: - - -From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@gnutls.org> -Date: Sat, 27 Aug 2016 17:00:22 +0200 -Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response - -Previously the OCSP certificate check wouldn't verify the serial length -and could succeed in cases it shouldn't. - -Reported by Stefan Buehler. ---- - lib/x509/ocsp.c | 1 + - 1 file changed, 1 insertion(+), 0 deletions(-) - -diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c -index 92db9b6..8181f2e 100644 ---- a/lib/x509/ocsp.c -+++ b/lib/x509/ocsp.c -@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, - gnutls_assert(); - goto cleanup; - } -+ cserial.size = t; - - if (rserial.size != cserial.size - || memcmp(cserial.data, rserial.data, rserial.size) != 0) { --- -libgit2 0.24.0 - |