Description: Validate record size when parsing GenericBlockCipher structure
Origin: backport, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
Index: gnutls26-2.10.5/lib/gnutls_cipher.c
===================================================================
--- gnutls26-2.10.5.orig/lib/gnutls_cipher.c 2012-04-04 04:17:33.902871139 -0500
+++ gnutls26-2.10.5/lib/gnutls_cipher.c 2012-04-04 04:17:56.666871679 -0500
@@ -515,14 +515,13 @@
{
ciphertext.size -= blocksize;
ciphertext.data += blocksize;
-
- if (ciphertext.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
}
+ if (ciphertext.size < hash_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
if ((int) pad > (int) ciphertext.size - hash_size)
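Review bot: The added guard `if (ciphertext.size < hash_size)` still admits `ciphertext.size == 0` whenever `hash_size` is 0, in which case the `ciphertext.data[ciphertext.size - 1]` read on the next line would index before the start of the buffer. The removed `ciphertext.size == 0` test rejected that case inside the explicit-IV branch. Whether a block cipher can be negotiated with a zero-length MAC is not visible in this hunk, so the path may be unreachable, but the check is cheap to keep: `if (ciphertext.size == 0 || ciphertext.size < hash_size)`. A comment such as `/* record must hold at least the MAC; its last byte is read as the padding length below */` would record why the guard sits ahead of the pad read. The enclosing function starts and ends outside the hunk, so I could not confirm that `ciphertext.size >= blocksize` is established before `ciphertext.size -= blocksize`.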