diff -durN gnutls-2.0.4/lib/ext_server_name.c gnutls-2.0.4-alt2/lib/ext_server_name.c
--- gnutls-2.0.4/lib/ext_server_name.c	2007-11-15 18:24:56 +0300
+++ gnutls-2.0.4-alt2/lib/ext_server_name.c	2008-05-21 18:18:25 +0400
@@ -74,10 +74,27 @@
 	  len = _gnutls_read_uint16 (p);
 	  p += 2;
 
-	  DECR_LENGTH_RET (data_size, len, 0);
-	  server_names++;
+	  if (len > 0)
+	    {
+	      DECR_LENGTH_RET (data_size, len, 0);
+	      server_names++;
+	      p += len;
+	    }
+	  else
+	    _gnutls_handshake_log
+	      ("HSK[%x]: Received zero size server name (under attack?)\n",
+	       session);
 
-	  p += len;
+	}
+
+      /* we cannot accept more server names.
+       */
+      if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+	{
+	  _gnutls_handshake_log
+	    ("HSK[%x]: Too many server names received (under attack?)\n",
+	     session);
+	  server_names = MAX_SERVER_NAME_EXTENSIONS;
 	}
 
       session->security_parameters.extensions.server_names_size =
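Review bot: The zero-length branch at `if (len > 0) … else` only logs and keeps parsing, so the counting pass skips empty names while the copy pass that restarts at `p = data + 2` (it begins in the next hunk, body not shown) still runs `server_names` times from the first entry. If that second loop does not skip empty entries the same way, the stored list can hold an empty name in place of a later valid one. Either treat a zero-length name as a malformed extension here (`return 0;`, which appears to be what `DECR_LENGTH_RET (data_size, len, 0)` does on a short buffer) or add the same `len > 0` test to the copy loop. Separately, `%x` is given the `session` pointer in both new log calls, and again in the gnutls_cipher.c and gnutls_handshake.c hunks; `%p` with a `(void *)` cast is the matching conversion. The enclosing function starts and ends outside the hunk.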
@@ -85,10 +102,6 @@
       if (server_names == 0)
 	return 0;		/* no names found */
 
-      /* we cannot accept more server names.
-       */
-      if (server_names > MAX_SERVER_NAME_EXTENSIONS)
-	server_names = MAX_SERVER_NAME_EXTENSIONS;
 
       p = data + 2;
       for (i = 0; i < server_names; i++)
diff -durN gnutls-2.0.4/lib/gnutls_cipher.c gnutls-2.0.4-alt2/lib/gnutls_cipher.c
--- gnutls-2.0.4/lib/gnutls_cipher.c	2007-11-15 18:24:56 +0300
+++ gnutls-2.0.4-alt2/lib/gnutls_cipher.c	2008-05-21 18:18:25 +0400
@@ -447,6 +447,14 @@
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
+  if (ciphertext.size < (unsigned) blocksize + hash_size)
+    {
+      _gnutls_record_log
+	("REC[%x]: Short record length %d < %d + %d (under attack?)\n",
+	 session, ciphertext.size, blocksize, hash_size);
+      gnutls_assert ();
+      return GNUTLS_E_DECRYPTION_FAILED;
+    }
 
   /* actual decryption (inplace)
    */
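Review bot: The new minimum `blocksize + hash_size` is applied before the decryption step regardless of cipher type, as far as the hunk shows, so a stream-cipher record that carries only a MAC (empty payload) is rejected unless `blocksize` is 0 for stream ciphers. Neither the cipher-type dispatch nor the origin of `blocksize` is visible here, so this needs confirming; if empty records must stay acceptable, the bound for the non-block case would be `hash_size` alone. A one-line comment above the check naming the later subtraction it protects (`ciphertext.size - hash_size - pad`) would help. `ciphertext.size` is also printed with `%d` although the comparison treats it as unsigned (`%u`). The function starts and ends outside the hunk.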
@@ -498,9 +506,7 @@
 
       pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
 
-      length = ciphertext.size - hash_size - pad;
-
-      if (pad > ciphertext.size - hash_size)
+      if ((int)pad > (int)ciphertext.size - hash_size)
 	{
 	  gnutls_assert ();
 	  /* We do not fail here. We check below for the
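Review bot: The `(int)` casts on `pad` and `ciphertext.size` are what make this comparison safe, and nothing in the hunk says so. If `ciphertext.size` is unsigned, as the cast in the earlier hunk suggests, the old `ciphertext.size - hash_size` wraps to a huge value when the record is shorter than the MAC and the test never fires. I would add a comment above the `if` such as `/* signed compare: size - hash_size must not wrap for short records */`. The comment that follows is cut by the hunk boundary and the function continues outside it.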
@@ -509,6 +515,8 @@
 	  pad_failed = GNUTLS_E_DECRYPTION_FAILED;
 	}
 
+      length = ciphertext.size - hash_size - pad;
+
       /* Check the pading bytes (TLS 1.x)
        */
       if (ver >= GNUTLS_TLS1 && pad_failed == 0)
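Review bot: `length` is still computed on the path where `pad_failed` was just set, and there `pad > ciphertext.size - hash_size`, so the result is negative (or wraps, if `length` is unsigned; its declaration is outside the hunk). The visible code only guards the padding-byte loop with `pad_failed == 0`, so whatever consumes `length` below needs a clamp before the MAC is computed over it. If such a clamp exists, a comment here such as `/* may be negative when pad_failed is set; clamped below */` would record that. The function continues outside the hunk.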
diff -durN gnutls-2.0.4/lib/gnutls_handshake.c gnutls-2.0.4-alt2/lib/gnutls_handshake.c
--- gnutls-2.0.4/lib/gnutls_handshake.c	2007-11-15 18:24:56 +0300
+++ gnutls-2.0.4-alt2/lib/gnutls_handshake.c	2008-05-21 18:18:25 +0400
@@ -942,6 +942,14 @@
 
       *recv_type = session->internals.handshake_header_buffer.recv_type;
 
+      if (*recv_type != type)
+	{
+	  gnutls_assert ();
+	  _gnutls_handshake_log
+	    ("HSK[%x]: Handshake type mismatch (under attack?)\n", session);
+	  return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+	}
+
       return session->internals.handshake_header_buffer.packet_length;
     }
 
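Review bot: The new `*recv_type != type` test has no comment explaining how a buffered header can disagree with the type the caller expects, and the buffered header state is left in place on the error return. If that is deliberate, so that a later call expecting the buffered type can still consume it, say so: `/* header was buffered by an earlier call; keep it and let the caller decide */`. It is also worth confirming that callers which treat a message as optional handle `GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET` from this early-return path the same way as from the read path; both are outside the hunk.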
diff -durN gnutls-2.0.4/lib/gnutls.pc.in gnutls-2.0.4-alt2/lib/gnutls.pc.in
--- gnutls-2.0.4/lib/gnutls.pc.in	2007-11-15 18:21:46 +0300
+++ gnutls-2.0.4-alt2/lib/gnutls.pc.in	2008-05-21 18:18:25 +0400
@@ -18,6 +18,7 @@
 Name: GnuTLS
 Description: Transport Security Layer implementation for the GNU system
 Version: @VERSION@
+Requires: libtasn1
 Libs: -L${libdir} -lgnutls
-Libs.private: @LIBGNUTLS_LIBS@ 
+Libs.private: @LIBGNUTLS_LIBS@
 Cflags: -I${includedir}
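Review bot: `Requires: libtasn1` puts libtasn1's flags on every consumer's compile and link line, including programs that only link the shared libgnutls. Unless the installed gnutls headers include libtasn1 headers (not visible in this diff), `Requires.private: libtasn1` would express the dependency for static links without making every dependent link libtasn1 directly.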
diff -durN gnutls-2.0.4/lib/gnutlsxx.cpp gnutls-2.0.4-alt2/lib/gnutlsxx.cpp
--- gnutls-2.0.4/lib/gnutlsxx.cpp	2007-11-15 18:24:56 +0300
+++ gnutls-2.0.4-alt2/lib/gnutlsxx.cpp	2008-05-21 18:18:25 +0400
@@ -829,7 +829,9 @@
 credentials::credentials( credentials& c)
 {
     this->type = c.type;
-    this->set_ptr( c.ptr());
+    // FIXME: The following doesn't work, because set_ptr is virtual.
+    // What was the intention?
+    // this->set_ptr( c.ptr());
 }
 #endif
 
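Review bot: With the `set_ptr` call commented out, this copy constructor copies only `type`, so whatever `c.ptr()` referred to is never set on the new object here. Unless a member initializer elsewhere gives it a value, a copied `credentials` holds an indeterminate pointer. Rather than leaving the call as commented-out code under a FIXME, either initialise the pointer to a null value in this constructor or make the class non-copyable (declare the copy constructor private and leave it undefined). The constructor sits inside a conditional block ending at the `#endif`, whose opening is outside the hunk.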
diff -durN gnutls-2.0.4/lib/libgnutls.vers gnutls-2.0.4-alt2/lib/libgnutls.vers
--- gnutls-2.0.4/lib/libgnutls.vers	2007-11-15 18:24:56 +0300
+++ gnutls-2.0.4-alt2/lib/libgnutls.vers	2008-06-20 01:22:50 +0400
@@ -1,7 +1,8 @@
 # libgnutls.vers -- Versioning script to control what symbols to export.
-# Copyright (C) 2005, 2006, 2007 Free Software Foundation
+# Copyright (C) 2005 Free Software Foundation
 #
 # Author: Simon Josefsson
+# Patched by: Pavlov Konstantin
 #
 # This file is part of GNUTLS.
 #
@@ -22,6 +23,60 @@
 
 GNUTLS_1_3
 {
-  global: _gnutls*; gnutls*;
-  local: *;
+  global: _gnutls*; gnutls*; _E_*;
+};
+
+GNUTLS_1_6_1 {
+    global:
+        gnutls_transport_set_errno;
+        gnutls_transport_set_global_errno;
+};
+
+GNUTLS_1_6_3 {
+	global:
+		gnutls_x509_crt_get_raw_dn;
+		gnutls_x509_crt_get_raw_issuer_dn;
+};
+
+GNUTLS_2.0.0 {
+    global:
+        gnutls_authz_enable;
+        gnutls_authz_send_saml_assertion;
+        gnutls_authz_send_saml_assertion_url;
+        gnutls_authz_send_x509_attr_cert;
+        gnutls_authz_send_x509_attr_cert_url;
+        gnutls_certificate_type_list;
+        gnutls_cipher_list;
+        gnutls_cipher_suite_info;
+        gnutls_compression_list;
+        gnutls_kx_list;
+        gnutls_mac_list;
+        gnutls_protocol_list;
+        gnutls_sign_callback_get;
+        gnutls_sign_callback_set;
+        gnutls_supplemental_get_name;
+        gnutls_x509_crl_get_signature;
+        gnutls_x509_crl_print;
+        gnutls_x509_crt_get_basic_constraints;
+        gnutls_x509_crt_get_extension_data;
+        gnutls_x509_crt_get_extension_info;
+        gnutls_x509_crt_get_issuer;
+        gnutls_x509_crt_get_proxy;
+        gnutls_x509_crt_get_signature;
+        gnutls_x509_crt_get_subject;
+        gnutls_x509_crt_get_subject_alt_othername_oid;
+        gnutls_x509_crt_print;
+        gnutls_x509_crt_set_basic_constraints;
+        gnutls_x509_crt_set_proxy;
+        gnutls_x509_crt_set_proxy_dn;
+        gnutls_x509_dn_get_rdn_ava;
+        gnutls_x509_privkey_sign_hash;
+};
+
+GNUTLS_2.0.4 {
+	global:
+		gnutls_record_disable_padding;
+		gnutls_session_enable_compatibility_mode;
+	local:
+		*;
 };
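Review bot: Adding `_E_*` to the `global:` pattern of `GNUTLS_1_3` exports every symbol with that prefix, alongside the existing `_gnutls*` wildcard. Internal functions then become part of the shared library's ABI and can be called or interposed by any program that links it. If only specific `_E_` symbols are needed outside the library, list them by name as the later nodes do for the public API. The new nodes also mix naming (`GNUTLS_1_6_1` vs `GNUTLS_2.0.0`) and tab/space indentation; picking one form would make the script easier to audit.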