[gnutls/f20] Added fix for CVE-2014-0092
Nikos Mavrogiannopoulos
nmav at fedoraproject.org
Mon Mar 3 07:19:28 UTC 2014
commit 4ea868df36f34fde08f000cc7e34636d518b20ff
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Thu Feb 27 10:05:25 2014 +0100
Added fix for CVE-2014-0092
gnutls-3.1.18-cve-2014-0092.patch | 128 +++++++++++++++++++++++++++++++++++++
gnutls.spec | 7 ++-
2 files changed, 134 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-3.1.18-cve-2014-0092.patch b/gnutls-3.1.18-cve-2014-0092.patch
new file mode 100644
index 0000000..a0684bb
--- /dev/null
+++ b/gnutls-3.1.18-cve-2014-0092.patch
@@ -0,0 +1,128 @@
+From 43ad7b2ad231489b7ada46e2f34deb82d64dd54d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Wed, 19 Feb 2014 11:10:26 +0100
+Subject: [PATCH] corrected return codes.
+
+---
+ lib/x509/verify.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index 86a901e..d3f349b 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -106,7 +106,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -115,7 +115,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -123,7 +123,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -131,7 +131,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ /* If the subject certificate is the same as the issuer
+@@ -183,6 +183,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ else
+ gnutls_assert ();
+
++fail:
+ result = 0;
+
+ cleanup:
+@@ -408,14 +409,15 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+- return issuer_version;
++ result = 0;
++ goto cleanup;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1))
+ {
+- if (check_if_ca (cert, issuer, max_path, flags) == 0)
++ if (check_if_ca (cert, issuer, max_path, flags) != 1)
+ {
+ gnutls_assert ();
+ out = GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+@@ -446,6 +448,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -454,6 +457,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -461,6 +465,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -481,6 +486,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ else if (result < 0)
+ {
+ gnutls_assert();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -650,7 +656,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
+ ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
+ trusted_cas, tcas_size, flags, &output,
+ &issuer, now, &max_path, func);
+- if (ret == 0)
++ if (ret != 1)
+ {
+ /* if the last certificate in the certificate
+ * list is invalid, then the certificate is not
+@@ -681,7 +687,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
+ if ((ret =
+ _gnutls_verify_certificate2 (certificate_list[i - 1],
+ &certificate_list[i], 1, flags,
+- &output, NULL, now, &max_path, func)) == 0)
++ &output, NULL, now, &max_path, func)) != 1)
+ {
+ status |= output;
+ status |= GNUTLS_CERT_INVALID;
+--
+1.8.5.3
+
diff --git a/gnutls.spec b/gnutls.spec
index 35ba17e..4e8eba6 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -3,7 +3,7 @@
Summary: A TLS protocol implementation
Name: gnutls
Version: 3.1.20
-Release: 3%{?dist}
+Release: 4%{?dist}
# The libraries are LGPLv2.1+, utilities are GPLv3+, however
# the bundled gnulib is LGPLv3+
License: GPLv3+ and LGPLv2+ and LGPLv3+
@@ -38,6 +38,7 @@ Patch8: gnutls-3.1.11-nosrp.patch
Patch9: gnutls-3.1.10-tests-rndport.patch
Patch10: gnutls-3.1.18-suiteb.patch
Patch11: gnutls-3.1.20-v1-fix.patch
+Patch12: gnutls-3.1.18-cve-2014-0092.patch
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
@@ -148,6 +149,7 @@ This package contains Guile bindings for the library.
%patch9 -p1 -b .rndport
%patch10 -p1 -b .suiteb
%patch11 -p1 -b .v1-fix
+%patch12 -p1 -b .cve-2014-0092
%{SOURCE2} -e
@@ -281,6 +283,9 @@ fi
%endif
%changelog
+* Thu Feb 27 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 3.1.20-4
+- fixes CVE-2014-0092
+
* Fri Feb 14 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> 3.1.20-3
- Fix CVE-2014-1959 (#1065094)
More information about the scm-commits
mailing list