[gnutls/f15] fix CVE-2012-1573 - incorrect checks when parsing packets (#805432)

Tomáš Mráz tmraz at fedoraproject.org
Fri Mar 23 13:44:55 UTC 2012


commit 1119b5722afd80a5fcabd5a2b31600e1d09c0e1f
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Fri Mar 23 14:37:39 2012 +0100

    fix CVE-2012-1573 - incorrect checks when parsing packets (#805432)

 gnutls-2.8.5-cve-2012-1573.patch |   23 +++++++++++++++++++++++
 gnutls.spec                      |    7 ++++++-
 2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-2.8.5-cve-2012-1573.patch b/gnutls-2.8.5-cve-2012-1573.patch
new file mode 100644
index 0000000..c956f09
--- /dev/null
+++ b/gnutls-2.8.5-cve-2012-1573.patch
@@ -0,0 +1,23 @@
+diff -up gnutls-2.8.5/lib/gnutls_cipher.c.packet gnutls-2.8.5/lib/gnutls_cipher.c
+--- gnutls-2.8.5/lib/gnutls_cipher.c.packet	2009-11-02 11:30:39.000000000 +0100
++++ gnutls-2.8.5/lib/gnutls_cipher.c	2012-03-21 15:48:27.101189738 +0100
+@@ -501,14 +501,13 @@ _gnutls_ciphertext2compressed (gnutls_se
+ 	{
+ 	  ciphertext.size -= blocksize;
+ 	  ciphertext.data += blocksize;
+-
+-	  if (ciphertext.size == 0)
+-	    {
+-	      gnutls_assert ();
+-	      return GNUTLS_E_DECRYPTION_FAILED;
+-	    }
+ 	}
+ 
++      if (ciphertext.size < hash_size)
++	{
++	  gnutls_assert ();
++	  return GNUTLS_E_DECRYPTION_FAILED;
++	}
+       pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
+ 
+       if ((int) pad > (int) ciphertext.size - hash_size)
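Review bot: The explicit `ciphertext.size == 0` rejection is dropped, so the read of `ciphertext.data[ciphertext.size - 1]` on the following line is protected only while `hash_size` is greater than zero. With `hash_size == 0`, a record that is empty after the `blocksize` bytes are skipped would pass `ciphertext.size < hash_size` and index before the buffer. `hash_size` is declared outside this hunk, so whether it can be zero on this path cannot be confirmed here; if that is not guaranteed, the guard could read `if (ciphertext.size == 0 || ciphertext.size < hash_size)`. Either way, a short comment above the check, such as `/* reject records shorter than the MAC before reading the pad byte */`, would record why it now sits outside the block that skips `blocksize`. The enclosing function starts and ends outside the hunk.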
diff --git a/gnutls.spec b/gnutls.spec
index a576286..55131b6 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,7 +1,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
 Version: 2.10.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
 License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
@@ -21,6 +21,7 @@ Patch2: gnutls-2.8.6-link-libgcrypt.patch
 Patch3: gnutls-2.10.1-nosrp.patch
 # Backport from upstream git
 Patch4: gnutls-2.10.1-handshake-errors.patch
+Patch6: gnutls-2.8.5-cve-2012-1573.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: libgcrypt >= 1.2.2
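Review bot: `Patch6` is added directly under the `# Backport from upstream git` comment that belongs to `Patch4`, with no comment of its own, so the spec does not say where the fix comes from. A line such as `# Fix for CVE-2012-1573 (#805432)` above it would make the origin clear. The patch file is named for and diffed against gnutls-2.8.5, while this spec builds `Version: 2.10.5`. It is worth confirming from the build log that the `%patch6 -p1 -b .packet` step in the later hunk applies without fuzz or a large offset, so that the size check lands before the pad-byte read in the intended function.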
@@ -77,6 +78,7 @@ This package contains Guile bindings for the library.
 %patch2 -p1 -b .link
 %patch3 -p1 -b .nosrp
 %patch4 -p1 -b .errors
+%patch6 -p1 -b .packet
 
 for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
     touch lib/$i
@@ -160,6 +162,9 @@ fi
 %{_datadir}/guile/site/gnutls.scm
 
 %changelog
+* Fri Mar 23 2012 Tomas Mraz <tmraz at redhat.com> 2.10.5-2
+- fix CVE-2012-1573 - incorrect checks when parsing packets (#805432)
+
 * Thu Mar  3 2011 Tomas Mraz <tmraz at redhat.com> 2.10.5-1
 - new upstream version
 

