source: trunk/server/common/patches/gnutls-2.12.x-cve-2014-0092.patch @ 2507

Last change on this file since 2507 was 2507, checked in by achernya, 10 years ago
Fix gnutls CVE 2014-0092
File size: 2.1 KB
RevLine 
[2507]1diff --git a/lib/x509/verify.c b/lib/x509/verify.c
2index 2efcebf..e9c704d 100644
3--- a/lib/x509/verify.c
4+++ b/lib/x509/verify.c
5@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
6   if (result < 0)
7     {
8       gnutls_assert ();
9-      goto cleanup;
10+      goto fail;
11     }
12 
13   result =
14@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
15   if (result < 0)
16     {
17       gnutls_assert ();
18-      goto cleanup;
19+      goto fail;
20     }
21 
22   result =
23@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
24   if (result < 0)
25     {
26       gnutls_assert ();
27-      goto cleanup;
28+      goto fail;
29     }
30 
31   result =
32@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
33   if (result < 0)
34     {
35       gnutls_assert ();
36-      goto cleanup;
37+      goto fail;
38     }
39 
40   /* If the subject certificate is the same as the issuer
41@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
42   else
43     gnutls_assert ();
44 
45+fail:
46   result = 0;
47 
48 cleanup:
49@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
50   gnutls_datum_t cert_signed_data = { NULL, 0 };
51   gnutls_datum_t cert_signature = { NULL, 0 };
52   gnutls_x509_crt_t issuer = NULL;
53-  int issuer_version, result;
54+  int issuer_version, result = 0;
55 
56   if (output)
57     *output = 0;
58@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
59   if (issuer_version < 0)
60     {
61       gnutls_assert ();
62-      return issuer_version;
63+      return 0;
64     }
65 
66   if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
67@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
68   if (result < 0)
69     {
70       gnutls_assert ();
71+      result = 0;
72       goto cleanup;
73     }
74 
75@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
76   if (result < 0)
77     {
78       gnutls_assert ();
79+      result = 0;
80       goto cleanup;
81     }
82 
83@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
84   else if (result < 0)
85     {
86       gnutls_assert();
87+      result = 0;
88       goto cleanup;
89     }
90 
91--
921.7.11.7
93
Note: See TracBrowser for help on using the repository browser.