wok-current diff gnutls/stuff/CVE-2014-0092.u @ rev 16053

gnutls: CVE-2014-0092 fix
author Pascal Bellard <pascal.bellard@slitaz.org>
date Mon Mar 10 15:55:04 2014 +0000 (2014-03-10)
parents
children
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/gnutls/stuff/CVE-2014-0092.u	Mon Mar 10 15:55:04 2014 +0000
     1.3 @@ -0,0 +1,102 @@
     1.4 +From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001
     1.5 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
     1.6 +Date: Thu, 27 Feb 2014 19:42:26 +0100
     1.7 +Subject: [PATCH] corrected return codes
     1.8 +
     1.9 +---
    1.10 + lib/x509/verify.c |   16 ++++++++++------
    1.11 + 1 files changed, 10 insertions(+), 6 deletions(-)
    1.12 +
    1.13 +diff --git a/lib/x509/verify.c b/lib/x509/verify.c
    1.14 +index c9a6b0d..eef85a8 100644
    1.15 +--- a/lib/x509/verify.c
    1.16 ++++ b/lib/x509/verify.c
    1.17 +@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
    1.18 +   if (result < 0)
    1.19 +     {
    1.20 +       gnutls_assert ();
    1.21 +-      goto cleanup;
    1.22 ++      goto fail;
    1.23 +     }
    1.24 + 
    1.25 +   result =
    1.26 +@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
    1.27 +   if (result < 0)
    1.28 +     {
    1.29 +       gnutls_assert ();
    1.30 +-      goto cleanup;
    1.31 ++      goto fail;
    1.32 +     }
    1.33 + 
    1.34 +   result =
    1.35 +@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
    1.36 +   if (result < 0)
    1.37 +     {
    1.38 +       gnutls_assert ();
    1.39 +-      goto cleanup;
    1.40 ++      goto fail;
    1.41 +     }
    1.42 + 
    1.43 +   result =
    1.44 +@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
    1.45 +   if (result < 0)
    1.46 +     {
    1.47 +       gnutls_assert ();
    1.48 +-      goto cleanup;
    1.49 ++      goto fail;
    1.50 +     }
    1.51 + 
    1.52 +   /* If the subject certificate is the same as the issuer
    1.53 +@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
    1.54 +   else
    1.55 +     gnutls_assert ();
    1.56 + 
    1.57 ++fail:
    1.58 +   result = 0;
    1.59 + 
    1.60 + cleanup:
    1.61 +@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
    1.62 +   gnutls_datum_t cert_signed_data = { NULL, 0 };
    1.63 +   gnutls_datum_t cert_signature = { NULL, 0 };
    1.64 +   gnutls_x509_crt_t issuer = NULL;
    1.65 +-  int issuer_version, result;
    1.66 ++  int issuer_version, result = 0;
    1.67 + 
    1.68 +   if (output)
    1.69 +     *output = 0;
    1.70 +@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
    1.71 +   if (issuer_version < 0)
    1.72 +     {
    1.73 +       gnutls_assert ();
    1.74 +-      return issuer_version;
    1.75 ++      return 0;
    1.76 +     }
    1.77 + 
    1.78 +   if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
    1.79 +@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
    1.80 +   if (result < 0)
    1.81 +     {
    1.82 +       gnutls_assert ();
    1.83 ++      result = 0;
    1.84 +       goto cleanup;
    1.85 +     }
    1.86 + 
    1.87 +@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
    1.88 +   if (result < 0)
    1.89 +     {
    1.90 +       gnutls_assert ();
    1.91 ++      result = 0;
    1.92 +       goto cleanup;
    1.93 +     }
    1.94 + 
    1.95 +@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
    1.96 +   else if (result < 0)
    1.97 +     {
    1.98 +       gnutls_assert();
    1.99 ++      result = 0;
   1.100 +       goto cleanup;
   1.101 +     }
   1.102 + 
   1.103 +-- 
   1.104 +1.7.1
   1.105 +