File gnutls-CVE-2017-7869.patch of Package gnutls.8596

Overview Repositories Revisions Requests Users Attributes Meta

File gnutls-CVE-2017-7869.patch of Package gnutls.8596

commit 51464af713d71802e3c6d5ac15f1a95132a354fe
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Feb 20 11:13:08 2017 +0100

cdk_pkt_read: enforce packet limits
    
    That ensures that there are no overflows in the subsequent
    calculations.
    
    Resolves the oss-fuzz found bug:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
    
    Relates: #159
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Index: gnutls-3.2.15/lib/opencdk/read-packet.c
===================================================================
--- gnutls-3.2.15.orig/lib/opencdk/read-packet.c	2017-06-28 15:23:56.156263535 +0200
+++ gnutls-3.2.15/lib/opencdk/read-packet.c	2017-06-28 15:23:56.168263730 +0200
@@ -946,6 +946,7 @@ static cdk_error_t skip_packet(cdk_strea
 	return 0;
 }
 
+#define MAX_PACKET_LEN (1<<24)
 
 /**
  * cdk_pkt_read:
@@ -998,6 +999,13 @@ cdk_error_t cdk_pkt_read(cdk_stream_t in
 	else
 		read_old_length(inp, ctb, &pktlen, &pktsize);
 
+	/* enforce limits to ensure that the following calculations
+	 * do not overflow */
+	if (pktlen >= MAX_PACKET_LEN || pktsize >= MAX_PACKET_LEN) {
+		_cdk_log_info("cdk_pkt_read: too long packet\n");
+		return gnutls_assert_val(CDK_Inv_Packet);
+	}
+
 	pkt->pkttype = pkttype;
 	pkt->pktlen = pktlen;
 	pkt->pktsize = pktsize + pktlen;

Places

File gnutls-CVE-2017-7869.patch of Package gnutls.8596

Places