diff options
| author |   Alon Bar-Lev <alonbl@gentoo.org> | 2014-03-04 15:43:05 +0000 |
|---|---|---|
| committer | Alon Bar-Lev <alonbl@gentoo.org> | 2014-03-04 15:43:05 +0000 |
| commit | f40ee1a08562ac86eeeb779c29814b855dabee58 (patch) | |
| tree | 16438f57fbbfd0437fe8bc03b00527e0599172ac /net-libs/gnutls/files | |
| parent | Restore mask on www-plugins/chrome-binary-plugins:unstable. (diff) | |
| download | gentoo-2-f40ee1a08562ac86eeeb779c29814b855dabee58.tar.gz gentoo-2-f40ee1a08562ac86eeeb779c29814b855dabee58.tar.bz2 gentoo-2-f40ee1a08562ac86eeeb779c29814b855dabee58.zip | |
Fix CVE-2014-0092, bug#503394
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key BF20DC51)
Diffstat (limited to 'net-libs/gnutls/files')
| -rw-r--r-- | net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch new file mode 100644 index 000000000000..21d3f3b9c467 --- /dev/null +++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-0092.patch @@ -0,0 +1,102 @@ +From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Thu, 27 Feb 2014 19:42:26 +0100 +Subject: [PATCH] corrected return codes + +--- + lib/x509/verify.c | 16 ++++++++++------ + 1 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/lib/x509/verify.c b/lib/x509/verify.c +index c9a6b0d..eef85a8 100644 +--- a/lib/x509/verify.c ++++ b/lib/x509/verify.c +@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + /* If the subject certificate is the same as the issuer +@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + else + gnutls_assert (); + ++fail: + result = 0; + + cleanup: +@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + gnutls_datum_t cert_signed_data = { NULL, 0 }; + gnutls_datum_t cert_signature = { NULL, 0 }; + gnutls_x509_crt_t issuer = NULL; +- int issuer_version, result; ++ int issuer_version, result = 0; + + if (output) + *output = 0; +@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (issuer_version < 0) + { + gnutls_assert (); +- return issuer_version; ++ return 0; + } + + if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && +@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (result < 0) + { + gnutls_assert (); ++ result = 0; + goto cleanup; + } + +@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (result < 0) + { + gnutls_assert (); ++ result = 0; + goto cleanup; + } + +@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + else if (result < 0) + { + gnutls_assert(); ++ result = 0; + goto cleanup; + } + +-- +1.7.1 + |