[gnutls/f19] Applied patch to resolve CVE-2014-8564
Nikos Mavrogiannopoulos
nmav at fedoraproject.org
Mon Nov 10 09:21:21 UTC 2014
commit 967baaae9332ba57570975cbba3137a2343206bd
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Mon Nov 10 10:19:46 2014 +0100
Applied patch to resolve CVE-2014-8564
gnutls-3.1.20-cve-2014-8564.patch | 62 +++++++++++++++++++++++++++++++++++++
gnutls.spec | 7 +++-
2 files changed, 68 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-3.1.20-cve-2014-8564.patch b/gnutls-3.1.20-cve-2014-8564.patch
new file mode 100644
index 0000000..1cf1d51
--- /dev/null
+++ b/gnutls-3.1.20-cve-2014-8564.patch
@@ -0,0 +1,62 @@
+From 7429872b74c8216bbf15e241e47aba94369ef083 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Mon, 10 Nov 2014 07:50:18 +0100
+Subject: [PATCH] when exporting curve coordinates to X9.63 format, perform
+ additional sanity checks on input
+
+Reported by Sean Burford.
+---
+ lib/gnutls_ecc.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
+index 51abe7b..78d6b26 100644
+--- a/lib/gnutls_ecc.c
++++ b/lib/gnutls_ecc.c
+@@ -53,20 +53,41 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
+
+ /* pad and store x */
+ byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
++ if (numlen < byte_size)
++ {
++ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++ goto cleanup;
++ }
++
+ size = out->size - (1 + (numlen - byte_size));
+ ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
+ if (ret < 0)
+- return gnutls_assert_val (ret);
++ {
++ gnutls_assert();
++ goto cleanup;
++ }
+
+ byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
++ if (numlen < byte_size)
++ {
++ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++ goto cleanup;
++ }
++
+ size = out->size - (1 + (numlen + numlen - byte_size));
+ ret =
+ _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
+ if (ret < 0)
+- return gnutls_assert_val (ret);
++ {
++ gnutls_assert();
++ goto cleanup;
++ }
+
+ /* pad and store y */
+ return 0;
++cleanup:
++ _gnutls_free_datum(out);
++ return ret;
+ }
+
+
+--
+1.9.3
+
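Review bot: The two added `if (numlen < byte_size)` guards in `_gnutls_ecc_ansi_x963_export` have no comment saying what they protect, and the existing `/* pad and store y */` comment is left stranded above `return 0;` rather than above the y block. Without the guard, a coordinate wider than the curve size makes `numlen - byte_size` underflow, so the index into `out->data` and the `size` handed to `_gnutls_mpi_print` no longer describe the slot reserved for that coordinate. I would add `/* reject coordinates wider than the curve size; numlen - byte_size must not underflow */` above each guard and move `/* pad and store y */` up to the second `byte_size` assignment. The function starts outside the hunk, so it should be confirmed there that `out->data` is always allocated before the first `goto cleanup` reaches `_gnutls_free_datum(out)`.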
diff --git a/gnutls.spec b/gnutls.spec
index 1bc654c..a09cd00 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -3,7 +3,7 @@
Summary: A TLS protocol implementation
Name: gnutls
Version: 3.1.20
-Release: 5%{?dist}
+Release: 6%{?dist}
# The libraries are LGPLv2.1+, utilities are GPLv3+, however
# the bundled gnulib is LGPLv3+
License: GPLv3+ and LGPLv2+ and LGPLv3+
@@ -44,6 +44,7 @@ Patch10: gnutls-3.1.18-suiteb.patch
Patch11: gnutls-3.1.20-v1-fix.patch
Patch12: gnutls-3.1.18-cve-2014-0092.patch
Patch13: gnutls-3.1.18-cve-2014-3466.patch
+Patch14: gnutls-3.1.20-cve-2014-8564.patch
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
@@ -156,6 +157,7 @@ This package contains Guile bindings for the library.
%patch11 -p1 -b .v1-fix
%patch12 -p1 -b .cve-2014-0092
%patch13 -p1 -b .cve-2014-3466
+%patch14 -p1 .b .cve-2014-8564
%{SOURCE2} -e
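Review bot: The added `%patch14 -p1 .b .cve-2014-8564` line has `.b` where the neighbouring `%patch11` to `%patch13` lines have `-b`, so the backup-suffix option is not passed and `.b` and `.cve-2014-8564` reach the macro as stray arguments. Depending on the rpm version, this presumably either fails `%prep` or applies the patch differently than intended. The line should read `%patch14 -p1 -b .cve-2014-8564`. It is also worth verifying from the build log that the patch was applied, so that release 3.1.20-6 really ships the CVE-2014-8564 fix the changelog claims.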
@@ -291,6 +293,9 @@ fi
%endif
%changelog
+* Mon Nov 10 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 3.1.20-6
+- fixes CVE-2014-8564 (#1162086)
+
* Fri May 30 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 3.1.20-5
- fixes CVE-2014-3466 (#1103046)