[gnutls/f18] fix CVE-2013-2116 - regression from the TLS-CBC timing attack fix (#966754)
Tomáš Mráz
tmraz at fedoraproject.org
Fri May 31 14:43:15 UTC 2013
commit 7ec95e726c61f4541a0d75650c8c8aba0cac7b20
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri May 31 16:43:03 2013 +0200
fix CVE-2013-2116 - regression from the TLS-CBC timing attack fix (#966754)
gnutls-2.12.23-cve-2013-2116.patch | 34 ++++++++++++++++++++++++++++++++++
gnutls.spec | 7 ++++++-
2 files changed, 40 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-2.12.23-cve-2013-2116.patch b/gnutls-2.12.23-cve-2013-2116.patch
new file mode 100644
index 0000000..ec63ca9
--- /dev/null
+++ b/gnutls-2.12.23-cve-2013-2116.patch
@@ -0,0 +1,34 @@
+diff -up gnutls-2.12.23/lib/gnutls_cipher.c.overread gnutls-2.12.23/lib/gnutls_cipher.c
+--- gnutls-2.12.23/lib/gnutls_cipher.c.overread 2013-02-04 09:53:03.000000000 +0100
++++ gnutls-2.12.23/lib/gnutls_cipher.c 2013-05-31 16:38:00.771256253 +0200
+@@ -506,7 +506,9 @@ _gnutls_ciphertext2compressed (gnutls_se
+ unsigned int pad = 0;
+ int length;
+ uint16_t blocksize;
+- int ret, i, pad_failed = 0;
++ int ret, i;
++ unsigned int tmp_pad_failed = 0;
++ unsigned int pad_failed = 0;
+ opaque preamble[PREAMBLE_SIZE];
+ int preamble_size = 0;
+ int ver = gnutls_protocol_get_version (session);
+@@ -566,13 +568,14 @@ _gnutls_ciphertext2compressed (gnutls_se
+ * Note that we access all 256 bytes of ciphertext for padding check
+ * because there is a timing channel in that memory access (in certain CPUs).
+ */
+- if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0)
+- for (i = 2; i <= pad; i++)
++ if (_gnutls_version_has_variable_padding (ver))
++ for (i = 2; i <= MIN(256, ciphertext->size); i++)
+ {
+- if (ciphertext.data[ciphertext.size - i] != pad)
+- pad_failed = GNUTLS_E_DECRYPTION_FAILED;
++ tmp_pad_failed |= (ciphertext.data[ciphertext.size - i] != pad);
++ pad_failed |= ((i<= (1+pad)) & (tmp_pad_failed));
+ }
+-
++
++ pad_failed |= 1+pad > ((int) ciphertext.size - hash_size);
+ if (pad_failed)
+ pad = 0;
+ length = ciphertext.size - hash_size - pad - 1;
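Review bot: The new loop bound `for (i = 2; i <= MIN(256, ciphertext->size); i++)` dereferences `ciphertext` as a pointer while every other access in the same hunk (`ciphertext.data[ciphertext.size - i]`, `ciphertext.size - hash_size`) treats it as a struct value, so one of the two spellings cannot compile against whatever `_gnutls_ciphertext2compressed` actually receives; if the parameter is a by-value `gnutls_datum_t`, as the `.` accesses suggest, the line should read `for (i = 2; i <= MIN(256, ciphertext.size); i++)`. The signature is outside the hunk, so confirm it before building. On the added line `pad_failed |= 1+pad > ((int) ciphertext.size - hash_size);`, `pad` is `unsigned int`, so the `int` right-hand side is promoted to unsigned and a negative `ciphertext.size - hash_size` would compare as a large value and leave `pad_failed` clear, which is only safe if an earlier check not visible here already rejects records shorter than `hash_size`; a comment stating that precondition, or comparing as `(int)(1+pad) > (int) ciphertext.size - hash_size`, would make the intent explicit. Since `pad_failed` is now a 0/1 flag rather than `GNUTLS_E_DECRYPTION_FAILED`, any later code outside the hunk that returns it as an error code would need adjusting. The enclosing function `_gnutls_ciphertext2compressed` starts and ends outside the hunk.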
diff --git a/gnutls.spec b/gnutls.spec
index 43ee8a8..c096045 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,7 +1,7 @@
Summary: A TLS protocol implementation
Name: gnutls
Version: 2.12.23
-Release: 1%{?dist}
+Release: 2%{?dist}
# The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries
@@ -25,6 +25,7 @@ Patch4: gnutls-2.12.7-dsa-skiptests.patch
Patch6: gnutls-2.12.20-cli-debug-manpage.patch
# Use only FIPS approved ciphers in the FIPS mode
Patch7: gnutls-2.12.21-fips-algorithms.patch
+Patch8: gnutls-2.12.23-cve-2013-2116.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: libgcrypt >= 1.2.2
@@ -97,6 +98,7 @@ This package contains Guile bindings for the library.
%patch4 -p1 -b .skiptests
%patch6 -p1 -b .cli-debug
%patch7 -p1 -b .fips
+%patch8 -p1 -b .overread
for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
touch lib/$i
@@ -198,6 +200,9 @@ fi
%{_datadir}/guile/site/gnutls.scm
%changelog
+* Fri May 31 2013 Tomas Mraz <tmraz at redhat.com> 2.12.23-2
+- fix CVE-2013-2116 - regression from the TLS-CBC timing attack fix (#966754)
+
* Thu Feb 21 2013 Tomas Mraz <tmraz at redhat.com> 2.12.23-1
- new upstream version fixing TLS-CBC timing attack