[gnutls/f15] fix CVE-2011-4128 - possible buffer overflow in

Tomáš Mráz tmraz at fedoraproject.org
Fri Mar 23 16:53:47 UTC 2012 

commit b00ad4cc80b3588eec1981e5a150a5df398e73a1
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Fri Mar 23 17:53:42 2012 +0100

    fix CVE-2011-4128 - possible buffer overflow in
    
      gnutls_session_get_data() (#752308)

 gnutls-2.8.5-cve-2011-4128.patch |   19 +++++++++++++++++++
 gnutls.spec                      |    8 +++++++-
 2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-2.8.5-cve-2011-4128.patch b/gnutls-2.8.5-cve-2011-4128.patch
new file mode 100644
index 0000000..10f6b9e
--- /dev/null
+++ b/gnutls-2.8.5-cve-2011-4128.patch
@@ -0,0 +1,19 @@
+diff -up gnutls-2.8.5/lib/gnutls_session.c.data-size gnutls-2.8.5/lib/gnutls_session.c
+--- gnutls-2.8.5/lib/gnutls_session.c.data-size	2009-06-02 20:59:32.000000000 +0200
++++ gnutls-2.8.5/lib/gnutls_session.c	2012-03-21 16:17:49.499603724 +0100
+@@ -64,13 +64,14 @@ gnutls_session_get_data (gnutls_session_
+       gnutls_assert ();
+       return ret;
+     }
+-  *session_data_size = psession.size;
+ 
+   if (psession.size > *session_data_size)
+     {
++      *session_data_size = psession.size;
+       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+       goto error;
+     }
++  *session_data_size = psession.size;
+ 
+   if (session_data != NULL)
+     memcpy (session_data, psession.data, psession.size);
diff --git a/gnutls.spec b/gnutls.spec
index 55131b6..bcd7249 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,7 +1,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
 Version: 2.10.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
 License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
@@ -22,6 +22,7 @@ Patch3: gnutls-2.10.1-nosrp.patch
 # Backport from upstream git
 Patch4: gnutls-2.10.1-handshake-errors.patch
 Patch6: gnutls-2.8.5-cve-2012-1573.patch
+Patch7: gnutls-2.8.5-cve-2011-4128.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: libgcrypt >= 1.2.2
@@ -79,6 +80,7 @@ This package contains Guile bindings for the library.
 %patch3 -p1 -b .nosrp
 %patch4 -p1 -b .errors
 %patch6 -p1 -b .packet
+%patch7 -p1 -b .data-size
 
 for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
     touch lib/$i
@@ -162,6 +164,10 @@ fi
 %{_datadir}/guile/site/gnutls.scm
 
 %changelog
+* Fri Mar 23 2012 Tomas Mraz <tmraz at redhat.com> 2.10.5-3
+- fix CVE-2011-4128 - possible buffer overflow in
+  gnutls_session_get_data() (#752308)
+
 * Fri Mar 23 2012 Tomas Mraz <tmraz at redhat.com> 2.10.5-2
 - fix CVE-2012-1573 - incorrect checks when parsing packets (#805432)

More information about the scm-commits mailing list