From d7e97992befd3fa5c1c6616652a3aa723d08c531 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Mon, 10 Oct 2016 11:30:01 +0300 Subject: gnutls: Backport certificate check fix Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (CVE-2016-7444). Signed-off-by: Jussi Kukkonen Signed-off-by: Richard Purdie --- .../gnutls/gnutls/CVE-2016-7444.patch | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch') diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch new file mode 100644 index 0000000000..215be5a8ec --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch @@ -0,0 +1,35 @@ +CVE: CVE-2016-7444 +Upstream-Status: Backport +Signed-off-by: Jussi Kukkonen + +Upstream commit follows: + + +From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Sat, 27 Aug 2016 17:00:22 +0200 +Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response + +Previously the OCSP certificate check wouldn't verify the serial length +and could succeed in cases it shouldn't. + +Reported by Stefan Buehler. +--- + lib/x509/ocsp.c | 1 + + 1 file changed, 1 insertion(+), 0 deletions(-) + +diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c +index 92db9b6..8181f2e 100644 +--- a/lib/x509/ocsp.c ++++ b/lib/x509/ocsp.c +@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, + gnutls_assert(); + goto cleanup; + } ++ cserial.size = t; + + if (rserial.size != cserial.size + || memcmp(cserial.data, rserial.data, rserial.size) != 0) { +-- +libgit2 0.24.0 + -- cgit 1.2.3-korg