# HG changeset patch # User Pascal Bellard # Date 1394466929 0 # Node ID ae6d4ce96ae2253fcbe1c7088511179052c435f7 # Parent d952b25f3d708599bea90e98e9dca4cf96c4cfa8 gnutls: CVE-2014-0092 fix diff -r d952b25f3d70 -r ae6d4ce96ae2 gnutls/receipt --- a/gnutls/receipt Mon Jan 13 12:47:34 2014 +0000 +++ b/gnutls/receipt Mon Mar 10 15:55:29 2014 +0000 @@ -18,6 +18,9 @@ compile_rules() { cd $src + # Apply http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092 fix + # from https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b + patch -p1 < $stuff/CVE-2014-0092.u ./configure --with-libgcrypt \ --disable-guile \ --with-zlib \ diff -r d952b25f3d70 -r ae6d4ce96ae2 gnutls/stuff/CVE-2014-0092.u --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/gnutls/stuff/CVE-2014-0092.u Mon Mar 10 15:55:29 2014 +0000 @@ -0,0 +1,102 @@ +From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Thu, 27 Feb 2014 19:42:26 +0100 +Subject: [PATCH] corrected return codes + +--- + lib/x509/verify.c | 16 ++++++++++------ + 1 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/lib/x509/verify.c b/lib/x509/verify.c +index c9a6b0d..eef85a8 100644 +--- a/lib/x509/verify.c ++++ b/lib/x509/verify.c +@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + /* If the subject certificate is the same as the issuer +@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + else + gnutls_assert (); + ++fail: + result = 0; + + cleanup: +@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + gnutls_datum_t cert_signed_data = { NULL, 0 }; + gnutls_datum_t cert_signature = { NULL, 0 }; + gnutls_x509_crt_t issuer = NULL; +- int issuer_version, result; ++ int issuer_version, result = 0; + + if (output) + *output = 0; +@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (issuer_version < 0) + { + gnutls_assert (); +- return issuer_version; ++ return 0; + } + + if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && +@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (result < 0) + { + gnutls_assert (); ++ result = 0; + goto cleanup; + } + +@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (result < 0) + { + gnutls_assert (); ++ result = 0; + goto cleanup; + } + +@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + else if (result < 0) + { + gnutls_assert(); ++ result = 0; + goto cleanup; + } + +-- +1.7.1 +