Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-12-SP3:GA
gnutls.8596
gnutls-CVE-2017-7869.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnutls-CVE-2017-7869.patch of Package gnutls.8596
commit 51464af713d71802e3c6d5ac15f1a95132a354fe Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: Mon Feb 20 11:13:08 2017 +0100 cdk_pkt_read: enforce packet limits That ensures that there are no overflows in the subsequent calculations. Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> Index: gnutls-3.2.15/lib/opencdk/read-packet.c =================================================================== --- gnutls-3.2.15.orig/lib/opencdk/read-packet.c 2017-06-28 15:23:56.156263535 +0200 +++ gnutls-3.2.15/lib/opencdk/read-packet.c 2017-06-28 15:23:56.168263730 +0200 @@ -946,6 +946,7 @@ static cdk_error_t skip_packet(cdk_strea return 0; } +#define MAX_PACKET_LEN (1<<24) /** * cdk_pkt_read: @@ -998,6 +999,13 @@ cdk_error_t cdk_pkt_read(cdk_stream_t in else read_old_length(inp, ctb, &pktlen, &pktsize); + /* enforce limits to ensure that the following calculations + * do not overflow */ + if (pktlen >= MAX_PACKET_LEN || pktsize >= MAX_PACKET_LEN) { + _cdk_log_info("cdk_pkt_read: too long packet\n"); + return gnutls_assert_val(CDK_Inv_Packet); + } + pkt->pkttype = pkttype; pkt->pktlen = pktlen; pkt->pktsize = pktsize + pktlen;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor