search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gnutls-3: fix recent CVEs
[unleashed-userland.git] / components / library / gnutls-3 / patches / 04-CVE-2017-5334.patch
blobc6564a690ff1ee7cf6f1306c7c9533613c205894
1 From bbfd47d4bb6935b3eddae227deb9f340e2c1a69d Mon Sep 17 00:00:00 2001
2 From: Nikos Mavrogiannopoulos <nmav@redhat.com>
3 Date: Thu, 15 Dec 2016 15:02:18 +0100
4 Subject: [PATCH] gnutls_x509_ext_import_proxy: fix issue reading the policy language
5
6 If the language was set but the policy wasn't, that could lead to
7 a double free, as the value returned to the user was freed.
8 ---
9 lib/x509/x509_ext.c | 22 +++++++++++-----------
10 1 file changed, 11 insertions(+), 11 deletions(-)
11
12 Index: gnutls28-3.4.10/lib/x509/x509_ext.c
13 ===================================================================
14 --- gnutls28-3.4.10.orig/lib/x509/x509_ext.c 2017-01-26 10:10:40.316650700 -0500
15 +++ gnutls28-3.4.10/lib/x509/x509_ext.c 2017-01-26 10:10:40.312650643 -0500
16 @@ -1415,7 +1415,8 @@
17 {
18 ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
19 int result;
20 - gnutls_datum_t value = { NULL, 0 };
21 + gnutls_datum_t value1 = { NULL, 0 };
22 + gnutls_datum_t value2 = { NULL, 0 };
23
24 if ((result = asn1_create_element
25 (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
26 @@ -1445,20 +1446,18 @@
27 }
28
29 result = _gnutls_x509_read_value(c2, "proxyPolicy.policyLanguage",
30 - &value);
31 + &value1);
32 if (result < 0) {
33 gnutls_assert();
34 goto cleanup;
35 }
36
37 if (policyLanguage) {
38 - *policyLanguage = (char *)value.data;
39 - } else {
40 - gnutls_free(value.data);
41 - value.data = NULL;
42 + *policyLanguage = (char *)value1.data;
43 + value1.data = NULL;
44 }
45
46 - result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value);
47 + result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value2);
48 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
49 if (policy)
50 *policy = NULL;
51 @@ -1469,16 +1468,17 @@
52 goto cleanup;
53 } else {
54 if (policy) {
55 - *policy = (char *)value.data;
56 - value.data = NULL;
57 + *policy = (char *)value2.data;
58 + value2.data = NULL;
59 }
60 if (sizeof_policy)
61 - *sizeof_policy = value.size;
62 + *sizeof_policy = value2.size;
63 }
64
65 result = 0;
66 cleanup:
67 - gnutls_free(value.data);
68 + gnutls_free(value1.data);
69 + gnutls_free(value2.data);
70 asn1_delete_structure(&c2);
71
72 return result;
Unleashed OS - userland