[gnutls/f19] Applied patch to resolve CVE-2014-8564

Nikos Mavrogiannopoulos nmav at fedoraproject.org
Mon Nov 10 09:21:21 UTC 2014


commit 967baaae9332ba57570975cbba3137a2343206bd
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Mon Nov 10 10:19:46 2014 +0100

    Applied patch to resolve CVE-2014-8564

 gnutls-3.1.20-cve-2014-8564.patch |   62 +++++++++++++++++++++++++++++++++++++
 gnutls.spec                       |    7 +++-
 2 files changed, 68 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-3.1.20-cve-2014-8564.patch b/gnutls-3.1.20-cve-2014-8564.patch
new file mode 100644
index 0000000..1cf1d51
--- /dev/null
+++ b/gnutls-3.1.20-cve-2014-8564.patch
@@ -0,0 +1,62 @@
+From 7429872b74c8216bbf15e241e47aba94369ef083 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Mon, 10 Nov 2014 07:50:18 +0100
+Subject: [PATCH] when exporting curve coordinates to X9.63 format, perform
+ additional sanity checks on input
+
+Reported by Sean Burford.
+---
+ lib/gnutls_ecc.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
+index 51abe7b..78d6b26 100644
+--- a/lib/gnutls_ecc.c
++++ b/lib/gnutls_ecc.c
+@@ -53,20 +53,41 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
+ 
+   /* pad and store x */
+   byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
++  if (numlen < byte_size)
++    {
++      ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++      goto cleanup;
++    }
++
+   size = out->size - (1 + (numlen - byte_size));
+   ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
+   if (ret < 0)
+-    return gnutls_assert_val (ret);
++    {
++      gnutls_assert();
++      goto cleanup;
++    }
+ 
+   byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
++  if (numlen < byte_size)
++    {
++      ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++      goto cleanup;
++    }
++
+   size = out->size - (1 + (numlen + numlen - byte_size));
+   ret =
+     _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
+   if (ret < 0)
+-    return gnutls_assert_val (ret);
++    {
++      gnutls_assert();
++      goto cleanup;
++    }
+ 
+   /* pad and store y */
+   return 0;
++cleanup:
++  _gnutls_free_datum(out);
++  return ret;
+ }
+ 
+ 
+-- 
+1.9.3
+
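Review bot: The two added `numlen < byte_size` guards have no comment saying what they protect, and the reason is not obvious from the check alone. Without them, a coordinate wider than the curve size makes `numlen - byte_size` negative, so the `_gnutls_mpi_print` destination (`&out->data[1 + (numlen - byte_size)]` for x) starts before the slot reserved for that coordinate, and `size` is derived from the same negative term. I would add above the first guard `/* x must fit in numlen bytes; otherwise the offset below goes negative and the write starts outside its slot in out->data */`, with the matching line for y. The existing `/* pad and store y */` comment sits after the y block, just before `return 0;`, and would read better above the second `byte_size` assignment. The declarations of `numlen` and `byte_size` and the allocation of `out` are outside the hunk, so the signedness of the comparison should be confirmed there.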
diff --git a/gnutls.spec b/gnutls.spec
index 1bc654c..a09cd00 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -3,7 +3,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
 Version: 3.1.20
-Release: 5%{?dist}
+Release: 6%{?dist}
 # The libraries are LGPLv2.1+, utilities are GPLv3+, however
 # the bundled gnulib is LGPLv3+
 License: GPLv3+ and LGPLv2+ and LGPLv3+
@@ -44,6 +44,7 @@ Patch10: gnutls-3.1.18-suiteb.patch
 Patch11: gnutls-3.1.20-v1-fix.patch
 Patch12: gnutls-3.1.18-cve-2014-0092.patch
 Patch13: gnutls-3.1.18-cve-2014-3466.patch
+Patch14: gnutls-3.1.20-cve-2014-8564.patch
 
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
@@ -156,6 +157,7 @@ This package contains Guile bindings for the library.
 %patch11 -p1 -b .v1-fix
 %patch12 -p1 -b .cve-2014-0092
 %patch13 -p1 -b .cve-2014-3466
+%patch14 -p1 .b .cve-2014-8564
 
 %{SOURCE2} -e
 
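Review bot: The added `%patch14 -p1 .b .cve-2014-8564` line has `.b` where every neighbouring `%patch` line has the `-b` backup-suffix option, as in `%patch13 -p1 -b .cve-2014-3466`. As written, the arguments are likely to be misparsed in %prep. The build log should be checked to confirm the CVE-2014-8564 patch is actually applied to lib/gnutls_ecc.c rather than failing or being skipped. The line should read `%patch14 -p1 -b .cve-2014-8564`.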
@@ -291,6 +293,9 @@ fi
 %endif
 
 %changelog
+* Mon Nov 10 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 3.1.20-6
+- fixes CVE-2014-8564 (#1162086)
+
 * Fri May 30 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 3.1.20-5
 - fixes CVE-2014-3466 (#1103046)
 

