ALT Linux Bugzilla
– Attachment 2678 Details for
Bug 16103
Patched original tarball packaged in gnutls-2.0.4-alt2.src.rpm
[patch]
diff from original tarball and 2.0.4-alt2
gnutls-2.0.4-alt2.diff (text/plain), 6.03 KB, created by
Yuri N. Sedunov
on 2008-06-20 02:28:37 MSD
Description:
diff from original tarball and 2.0.4-alt2
Filename:
MIME Type:
Creator:
Yuri N. Sedunov
Created:
2008-06-20 02:28:37 MSD
Size:
6.03 KB
>diff -durN gnutls-2.0.4/lib/ext_server_name.c gnutls-2.0.4-alt2/lib/ext_server_name.c
>--- gnutls-2.0.4/lib/ext_server_name.c 2007-11-15 18:24:56 +0300
>+++ gnutls-2.0.4-alt2/lib/ext_server_name.c 2008-05-21 18:18:25 +0400
>@@ -74,10 +74,27 @@
> len = _gnutls_read_uint16 (p);
> p += 2;
>
>- DECR_LENGTH_RET (data_size, len, 0);
>- server_names++;
>+ if (len > 0)
>+ {
>+ DECR_LENGTH_RET (data_size, len, 0);
>+ server_names++;
>+ p += len;
>+ }
>+ else
>+ _gnutls_handshake_log
>+ ("HSK[%x]: Received zero size server name (under attack?)\n",
>+ session);
>
>- p += len;
>+ }
>+
>+ /* we cannot accept more server names.
>+ */
>+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
>+ {
>+ _gnutls_handshake_log
>+ ("HSK[%x]: Too many server names received (under attack?)\n",
>+ session);
>+ server_names = MAX_SERVER_NAME_EXTENSIONS;
> }
>
> session->security_parameters.extensions.server_names_size =
>@@ -85,10 +102,6 @@
> if (server_names == 0)
> return 0; /* no names found */
>
>- /* we cannot accept more server names.
>- */
>- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
>- server_names = MAX_SERVER_NAME_EXTENSIONS;
>
> p = data + 2;
> for (i = 0; i < server_names; i++)
>diff -durN gnutls-2.0.4/lib/gnutls_cipher.c gnutls-2.0.4-alt2/lib/gnutls_cipher.c
>--- gnutls-2.0.4/lib/gnutls_cipher.c 2007-11-15 18:24:56 +0300
>+++ gnutls-2.0.4-alt2/lib/gnutls_cipher.c 2008-05-21 18:18:25 +0400
>@@ -447,6 +447,14 @@
> return GNUTLS_E_INTERNAL_ERROR;
> }
>
>+ if (ciphertext.size < (unsigned) blocksize + hash_size)
>+ {
>+ _gnutls_record_log
>+ ("REC[%x]: Short record length %d < %d + %d (under attack?)\n",
>+ session, ciphertext.size, blocksize, hash_size);
>+ gnutls_assert ();
>+ return GNUTLS_E_DECRYPTION_FAILED;
>+ }
>
> /* actual decryption (inplace)
> */
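Review bot: In the ext_server_name.c counting loop (hunk at -74) a zero-length name is now skipped without incrementing `server_names`, but the second pass that restarts at `p = data + 2` and runs `for (i = 0; i < server_names; i++)` is almost entirely outside the hunks, so it is not visible whether it skips the same entries. If it does not, the two passes disagree about which entries were counted; either reject the extension outright on a zero-length name or apply the same `len > 0` test in the second loop. The new log calls also pass `session`, which is dereferenced with `->` in this hunk, to `%x`; `%p` is the matching conversion, and the same applies to the `REC[%x]` and `HSK[%x]` messages added in gnutls_cipher.c and gnutls_handshake.c.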
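Review bot: The short-record guard added in gnutls_cipher.c (hunk at -447) carries no comment naming the arithmetic it protects; something like `/* a record shorter than blocksize + hash_size would make ciphertext.size - hash_size - pad go negative further down */` would keep it from being dropped later as redundant. The guard sits ahead of the `/* actual decryption (inplace) */` step, whose code is outside the hunk, so it is not visible whether it also applies to non-block ciphers, where demanding a full block could reject legitimate short records; that should be confirmed. `ciphertext.size` is compared as unsigned but printed with `%d`; `%u` would match the comparison.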
>@@ -498,9 +506,7 @@
>
> pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
>
>- length = ciphertext.size - hash_size - pad;
>-
>- if (pad > ciphertext.size - hash_size)
>+ if ((int)pad > (int)ciphertext.size - hash_size)
> {
> gnutls_assert ();
> /* We do not fail here. We check below for the
>@@ -509,6 +515,8 @@
> pad_failed = GNUTLS_E_DECRYPTION_FAILED;
> }
>
>+ length = ciphertext.size - hash_size - pad;
>+
> /* Check the pading bytes (TLS 1.x)
> */
> if (ver >= GNUTLS_TLS1 && pad_failed == 0)
>diff -durN gnutls-2.0.4/lib/gnutls_handshake.c gnutls-2.0.4-alt2/lib/gnutls_handshake.c
>--- gnutls-2.0.4/lib/gnutls_handshake.c 2007-11-15 18:24:56 +0300
>+++ gnutls-2.0.4-alt2/lib/gnutls_handshake.c 2008-05-21 18:18:25 +0400
>@@ -942,6 +942,14 @@
>
> *recv_type = session->internals.handshake_header_buffer.recv_type;
>
>+ if (*recv_type != type)
>+ {
>+ gnutls_assert ();
>+ _gnutls_handshake_log
>+ ("HSK[%x]: Handshake type mismatch (under attack?)\n", session);
>+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
>+ }
>+
> return session->internals.handshake_header_buffer.packet_length;
> }
>
>diff -durN gnutls-2.0.4/lib/gnutls.pc.in gnutls-2.0.4-alt2/lib/gnutls.pc.in
>--- gnutls-2.0.4/lib/gnutls.pc.in 2007-11-15 18:21:46 +0300
>+++ gnutls-2.0.4-alt2/lib/gnutls.pc.in 2008-05-21 18:18:25 +0400
>@@ -18,6 +18,7 @@
> Name: GnuTLS
> Description: Transport Security Layer implementation for the GNU system
> Version: @VERSION@
>+Requires: libtasn1
> Libs: -L${libdir} -lgnutls
>-Libs.private: @LIBGNUTLS_LIBS@
>+Libs.private: @LIBGNUTLS_LIBS@
> Cflags: -I${includedir}
>diff -durN gnutls-2.0.4/lib/gnutlsxx.cpp gnutls-2.0.4-alt2/lib/gnutlsxx.cpp
>--- gnutls-2.0.4/lib/gnutlsxx.cpp 2007-11-15 18:24:56 +0300
>+++ gnutls-2.0.4-alt2/lib/gnutlsxx.cpp 2008-05-21 18:18:25 +0400
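Review bot: After the reordering in the gnutls_cipher.c hunks at -498 and -509, `length = ciphertext.size - hash_size - pad;` is still evaluated when the pad check has just set `pad_failed`, so an oversized `pad` leaves `length` negative (or wrapped, if `length` is unsigned; its declaration is outside the hunk). The existing comment says the failure is deliberately deferred, which means this value is carried into the code that follows the visible lines. Unless a clamp already exists below, add `if (length < 0) length = 0;` directly after the assignment (assuming `length` is signed) so the deferred path never works with a negative size.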
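Review bot: In the gnutls_handshake.c hunk, `*recv_type` is stored into the caller's variable before the new `*recv_type != type` test, so on the `GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET` return the caller is left holding the unexpected type. If that is intentional, for diagnostics, a one-line comment such as `/* recv_type is reported to the caller even on mismatch */` would say so; otherwise compare `session->internals.handshake_header_buffer.recv_type` against `type` first and assign only on success. The function begins outside the hunk, so whether its other return paths apply the same type check cannot be confirmed from here.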
>@@ -829,7 +829,9 @@
> credentials::credentials( credentials& c)
> {
> this->type = c.type;
>- this->set_ptr( c.ptr());
>+ // FIXME: The following doesn't work, because set_ptr is virtual.
>+ // What was the intention?
>+ // this->set_ptr( c.ptr());
> }
> #endif
>
>diff -durN gnutls-2.0.4/lib/libgnutls.vers gnutls-2.0.4-alt2/lib/libgnutls.vers
>--- gnutls-2.0.4/lib/libgnutls.vers 2007-11-15 18:24:56 +0300
>+++ gnutls-2.0.4-alt2/lib/libgnutls.vers 2008-06-20 01:22:50 +0400
>@@ -1,7 +1,8 @@
> # libgnutls.vers -- Versioning script to control what symbols to export.
>-# Copyright (C) 2005, 2006, 2007 Free Software Foundation
>+# Copyright (C) 2005 Free Software Foundation
> #
> # Author: Simon Josefsson
>+# Patched by: Pavlov Konstantin
> #
> # This file is part of GNUTLS.
> #
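Review bot: With `set_ptr` commented out, the `credentials` copy constructor in gnutlsxx.cpp copies only `type` and never sets the object's credential pointer, so a copied `credentials` holds whatever that member happens to contain (its declaration and any default initialisation are outside the hunk). Rather than keeping a constructor that yields a half-initialised object, make copying unavailable by declaring `credentials( credentials& c);` private and leaving it undefined, or initialise the pointer member directly here instead of going through the virtual setter. The FIXME should record which of the two is intended so the open question is not left in shipped code.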
>@@ -22,6 +23,60 @@
>
> GNUTLS_1_3
> {
>- global: _gnutls*; gnutls*;
>- local: *;
>+ global: _gnutls*; gnutls*; _E_*;
>+};
>+
>+GNUTLS_1_6_1 {
>+ global:
>+ gnutls_transport_set_errno;
>+ gnutls_transport_set_global_errno;
>+};
>+
>+GNUTLS_1_6_3 {
>+ global:
>+ gnutls_x509_crt_get_raw_dn;
>+ gnutls_x509_crt_get_raw_issuer_dn;
>+};
>+
>+GNUTLS_2.0.0 {
>+ global:
>+ gnutls_authz_enable;
>+ gnutls_authz_send_saml_assertion;
>+ gnutls_authz_send_saml_assertion_url;
>+ gnutls_authz_send_x509_attr_cert;
>+ gnutls_authz_send_x509_attr_cert_url;
>+ gnutls_certificate_type_list;
>+ gnutls_cipher_list;
>+ gnutls_cipher_suite_info;
>+ gnutls_compression_list;
>+ gnutls_kx_list;
>+ gnutls_mac_list;
>+ gnutls_protocol_list;
>+ gnutls_sign_callback_get;
>+ gnutls_sign_callback_set;
>+ gnutls_supplemental_get_name;
>+ gnutls_x509_crl_get_signature;
>+ gnutls_x509_crl_print;
>+ gnutls_x509_crt_get_basic_constraints;
>+ gnutls_x509_crt_get_extension_data;
>+ gnutls_x509_crt_get_extension_info;
>+ gnutls_x509_crt_get_issuer;
>+ gnutls_x509_crt_get_proxy;
>+ gnutls_x509_crt_get_signature;
>+ gnutls_x509_crt_get_subject;
>+ gnutls_x509_crt_get_subject_alt_othername_oid;
>+ gnutls_x509_crt_print;
>+ gnutls_x509_crt_set_basic_constraints;
>+ gnutls_x509_crt_set_proxy;
>+ gnutls_x509_crt_set_proxy_dn;
>+ gnutls_x509_dn_get_rdn_ava;
>+ gnutls_x509_privkey_sign_hash;
>+};
>+
>+GNUTLS_2.0.4 {
>+ global:
>+ gnutls_record_disable_padding;
>+ gnutls_session_enable_compatibility_mode;
>+ local:
>+ *;
> };
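Review bot: The `GNUTLS_1_3` node keeps the `_gnutls*; gnutls*;` wildcards and adds `_E_*`, so every symbol not named in a later node, including the internal `_gnutls*` helpers, is still exported under `GNUTLS_1_3`, and the new glob widens the exported surface further. The later nodes only re-version the names they list, so a symbol added to the library and forgotten here silently falls back to the wildcard. Consider a comment above `GNUTLS_1_3` stating that rule, and list the needed `_E_` names explicitly instead of `_E_*` if only a few are required. Since these node names are introduced by this patch, it is also worth confirming that binaries linked against this build are not expected to run against a library built from the unpatched script.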