[gnutls/f15] fix CVE-2011-4128 - possible buffer overflow in
Tomáš Mráz
tmraz at fedoraproject.org
Fri Mar 23 16:53:47 UTC 2012
commit b00ad4cc80b3588eec1981e5a150a5df398e73a1
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Mar 23 17:53:42 2012 +0100
fix CVE-2011-4128 - possible buffer overflow in
gnutls_session_get_data() (#752308)
gnutls-2.8.5-cve-2011-4128.patch | 19 +++++++++++++++++++
gnutls.spec | 8 +++++++-
2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-2.8.5-cve-2011-4128.patch b/gnutls-2.8.5-cve-2011-4128.patch
new file mode 100644
index 0000000..10f6b9e
--- /dev/null
+++ b/gnutls-2.8.5-cve-2011-4128.patch
@@ -0,0 +1,19 @@
+diff -up gnutls-2.8.5/lib/gnutls_session.c.data-size gnutls-2.8.5/lib/gnutls_session.c
+--- gnutls-2.8.5/lib/gnutls_session.c.data-size 2009-06-02 20:59:32.000000000 +0200
++++ gnutls-2.8.5/lib/gnutls_session.c 2012-03-21 16:17:49.499603724 +0100
+@@ -64,13 +64,14 @@ gnutls_session_get_data (gnutls_session_
+ gnutls_assert ();
+ return ret;
+ }
+- *session_data_size = psession.size;
+
+ if (psession.size > *session_data_size)
+ {
++ *session_data_size = psession.size;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto error;
+ }
++ *session_data_size = psession.size;
+
+ if (session_data != NULL)
+ memcpy (session_data, psession.data, psession.size);
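Review bot: The reordered size check in gnutls_session_get_data() has no comment explaining why the assignment to `*session_data_size` must follow the comparison, and that ordering is the whole fix. With the old order, `psession.size > *session_data_size` compared the value with itself and could never fire, so the memcpy ran into whatever buffer the caller supplied. I would add above the `if` something like `/* compare against the caller-supplied capacity before overwriting it; on GNUTLS_E_SHORT_MEMORY_BUFFER *session_data_size reports the size needed */`. A caller that ignores the return value and only reads the size back would still treat an unfilled buffer as valid, so the contract is worth stating in the function's doc comment as well. The function body starts and ends outside the hunk, so the `error:` cleanup path is not visible here.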
diff --git a/gnutls.spec b/gnutls.spec
index 55131b6..bcd7249 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,7 +1,7 @@
Summary: A TLS protocol implementation
Name: gnutls
Version: 2.10.5
-Release: 2%{?dist}
+Release: 3%{?dist}
# The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries
@@ -22,6 +22,7 @@ Patch3: gnutls-2.10.1-nosrp.patch
# Backport from upstream git
Patch4: gnutls-2.10.1-handshake-errors.patch
Patch6: gnutls-2.8.5-cve-2012-1573.patch
+Patch7: gnutls-2.8.5-cve-2011-4128.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: libgcrypt >= 1.2.2
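Review bot: Patch7 is added without a comment on where the fix comes from, while Patch4 just above is annotated `# Backport from upstream git`. A line such as `# CVE-2011-4128: check buffer size in gnutls_session_get_data() (#752308)` above `Patch7:` would tell a later rebase when the patch can be dropped. The patch file's own headers name a gnutls-2.8.5 tree while this spec builds Version 2.10.5, so it is worth confirming that the hunk applies to lib/gnutls_session.c cleanly and that the surrounding code is the same in both versions.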
@@ -79,6 +80,7 @@ This package contains Guile bindings for the library.
%patch3 -p1 -b .nosrp
%patch4 -p1 -b .errors
%patch6 -p1 -b .packet
+%patch7 -p1 -b .data-size
for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
touch lib/$i
@@ -162,6 +164,10 @@ fi
%{_datadir}/guile/site/gnutls.scm
%changelog
+* Fri Mar 23 2012 Tomas Mraz <tmraz at redhat.com> 2.10.5-3
+- fix CVE-2011-4128 - possible buffer overflow in
+ gnutls_session_get_data() (#752308)
+
* Fri Mar 23 2012 Tomas Mraz <tmraz at redhat.com> 2.10.5-2
- fix CVE-2012-1573 - incorrect checks when parsing packets (#805432)