aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
blob: 215be5a8ec77f5bfd03902a0dfab3f5662155944 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
CVE: CVE-2016-7444
Upstream-Status: Backport
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>

Upstream commit follows:


From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 27 Aug 2016 17:00:22 +0200
Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response

Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.

Reported by Stefan Buehler.
---
 lib/x509/ocsp.c | 1 +
 1 file changed, 1 insertion(+), 0 deletions(-)

diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 92db9b6..8181f2e 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
 		gnutls_assert();
 		goto cleanup;
 	}
+	cserial.size = t;
 
 	if (rserial.size != cserial.size
 	    || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
--
libgit2 0.24.0