wok-stable rev 12431
gnutls: CVE-2014-0092 fix
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Mon Mar 10 15:55:29 2014 +0000 (2014-03-10) |
parents | d952b25f3d70 |
children | 8262bf9a3072 |
files | gnutls/receipt gnutls/stuff/CVE-2014-0092.u |
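--- a/gnutls/receipt
+++ b/gnutls/receipt
@@ -18,6 +18,9 @@
 compile_rules()
 {
 cd $src
+ # Apply http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092 fix
+ # from https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
+ patch -p1 < $stuff/CVE-2014-0092.u
 ./configure --with-libgcrypt \
 --disable-guile \
 --with-zlib \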
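Review bot: The exit status of the added `patch -p1 < $stuff/CVE-2014-0092.u` is not checked anywhere in this hunk. If the patch ever stops applying cleanly, the build could continue into `./configure` and ship a gnutls that still carries CVE-2014-0092 while the receipt claims the fix, unless the build tool aborts on errors, which is not visible here. Make the step fail closed, for example `patch -p1 < "$stuff/CVE-2014-0092.u" || return 1`, which also quotes the path. The two comment lines recording the CVE and the upstream commit are useful; a third such as `# drop this patch once gnutls is upgraded to a release containing the commit above` would tell the next maintainer when it can go. compile_rules continues outside the hunk, so how its later steps are chained cannot be judged from here.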
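--- /dev/null
+++ b/gnutls/stuff/CVE-2014-0092.u
@@ -0,0 +1,102 @@
+From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 27 Feb 2014 19:42:26 +0100
+Subject: [PATCH] corrected return codes
+
+---
+ lib/x509/verify.c | 16 ++++++++++------
+ 1 files changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index c9a6b0d..eef85a8 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ /* If the subject certificate is the same as the issuer
+@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ else
+ gnutls_assert ();
+
++fail:
+ result = 0;
+
+ cleanup:
+@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+- int issuer_version, result;
++ int issuer_version, result = 0;
+
+ if (output)
+ *output = 0;
+@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+- return issuer_version;
++ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ else if (result < 0)
+ {
+ gnutls_assert();
++ result = 0;
+ goto cleanup;
+ }
+
+--
+1.7.1
+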