36 lines
968 B
Diff
36 lines
968 B
Diff
CVE: CVE-2016-7444
|
|
Upstream-Status: Backport
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|
|
|
|
Upstream commit follows:
|
|
|
|
|
|
From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
|
|
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
Date: Sat, 27 Aug 2016 17:00:22 +0200
|
|
Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
|
|
|
|
Previously the OCSP certificate check wouldn't verify the serial length
|
|
and could succeed in cases it shouldn't.
|
|
|
|
Reported by Stefan Buehler.
|
|
---
|
|
lib/x509/ocsp.c | 1 +
|
|
1 file changed, 1 insertion(+), 0 deletions(-)
|
|
|
|
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
|
|
index 92db9b6..8181f2e 100644
|
|
--- a/lib/x509/ocsp.c
|
|
+++ b/lib/x509/ocsp.c
|
|
@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
|
|
gnutls_assert();
|
|
goto cleanup;
|
|
}
|
|
+ cserial.size = t;
|
|
|
|
if (rserial.size != cserial.size
|
|
|| memcmp(cserial.data, rserial.data, rserial.size) != 0) {
|
|
--
|
|
libgit2 0.24.0
|
|
|