blob: 2bb0626d99d5310d09adc3e1423474c6fafcfa1c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 27 Aug 2016 17:00:22 +0200
Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP
response
Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.
Reported by Stefan Buehler.
Upstream-Status: Backport
CVE: CVE-2016-7444
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
lib/x509/ocsp.c | 1 +
1 file changed, 1 insertion(+)
Index: gnutls-3.3.17.1/lib/x509/ocsp.c
===================================================================
--- gnutls-3.3.17.1.orig/lib/x509/ocsp.c
+++ gnutls-3.3.17.1/lib/x509/ocsp.c
@@ -1257,6 +1257,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_r
gnutls_assert();
goto cleanup;
}
+ cserial.size = t;
if (rserial.size != cserial.size
|| memcmp(cserial.data, rserial.data, rserial.size) != 0) {
|
