gnutls: Backport certificate check fix
Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (CVE-2016-7444). (From OE-Core rev: d7e97992befd3fa5c1c6616652a3aa723d08c531) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
b9d6a7cc23
commit
fbdeb3f3e7
|
@ -0,0 +1,35 @@
|
|||
CVE: CVE-2016-7444
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|
||||
|
||||
Upstream commit follows:
|
||||
|
||||
|
||||
From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
|
||||
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
||||
Date: Sat, 27 Aug 2016 17:00:22 +0200
|
||||
Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
|
||||
|
||||
Previously the OCSP certificate check wouldn't verify the serial length
|
||||
and could succeed in cases it shouldn't.
|
||||
|
||||
Reported by Stefan Buehler.
|
||||
---
|
||||
lib/x509/ocsp.c | 1 +
|
||||
1 file changed, 1 insertion(+), 0 deletions(-)
|
||||
|
||||
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
|
||||
index 92db9b6..8181f2e 100644
|
||||
--- a/lib/x509/ocsp.c
|
||||
+++ b/lib/x509/ocsp.c
|
||||
@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
|
||||
gnutls_assert();
|
||||
goto cleanup;
|
||||
}
|
||||
+ cserial.size = t;
|
||||
|
||||
if (rserial.size != cserial.size
|
||||
|| memcmp(cserial.data, rserial.data, rserial.size) != 0) {
|
||||
--
|
||||
libgit2 0.24.0
|
||||
|
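Review bot: The patch header says only `Upstream-Status: Backport` and does not name the upstream release that carries the fix, so whoever next upgrades the gnutls recipe has to work out from the commit hash whether CVE-2016-7444.patch can be dropped. A line such as `Upstream-Status: Backport [<first upstream release containing 964632f37dfd>]` would record that. In the embedded hunk, the added `cserial.size = t;` sits after the error branch, so the size appears to be taken only from a successful call. The call that fills `t` and the start of gnutls_ocsp_resp_check_crt are outside the hunk, so that reading is inferred from the context lines. The backport also carries no regression test; a case where the response serial and the certificate serial differ in length would confirm the check now fails as intended.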
|
@ -4,6 +4,7 @@ SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
|
|||
file://0001-configure.ac-fix-sed-command.patch \
|
||||
file://use-pkg-config-to-locate-zlib.patch \
|
||||
file://0001-Use-correct-include-dir-with-minitasn.patch \
|
||||
file://CVE-2016-7444.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
|
||||
SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
|
||||
|
|