calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3977d21745'
${ noResults }
gentoo-overlay/net-libs/gnutls/files/gnutls-2.12.23-CVE-2013-211...

26 lines
855 B
Raw Blame History

From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 23 May 2013 09:54:37 +0200
Subject: [PATCH] re-applied sanity check patch
---
lib/gnutls_cipher.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 2835121..71f5a98 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
return GNUTLS_E_DECRYPTION_FAILED;
}
pad = ciphertext.data[ciphertext.size - 1]; /* pad */
+ if (pad+1 > ciphertext.size-hash_size)
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
/* Check the pading bytes (TLS 1.x).
* Note that we access all 256 bytes of ciphertext for padding check
--
1.7.1
Reference in new issue View Git Blame Copy Permalink