source: trunk/server/common/patches/gnutls-2.12.x-cve-2014-0092.patch @ 2507

Last change on this file since 2507 was 2507, checked in by achernya, 10 years ago
Fix gnutls CVE 2014-0092
File size: 2.1 KB

  • lib/x509/verify.c 

    diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 2efcebf..e9c704d 100644
    a b check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, 
    141141  if (result < 0)
    142142    {
    143143      gnutls_assert ();
    144       goto cleanup;
     144      goto fail;
    145145    }
    146146
    147147  result =
    check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, 
    150150  if (result < 0)
    151151    {
    152152      gnutls_assert ();
    153       goto cleanup;
     153      goto fail;
    154154    }
    155155
    156156  result =
    check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, 
    158158  if (result < 0)
    159159    {
    160160      gnutls_assert ();
    161       goto cleanup;
     161      goto fail;
    162162    }
    163163
    164164  result =
    check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, 
    166166  if (result < 0)
    167167    {
    168168      gnutls_assert ();
    169       goto cleanup;
     169      goto fail;
    170170    }
    171171
    172172  /* If the subject certificate is the same as the issuer
    check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, 
    206206  else
    207207    gnutls_assert ();
    208208
     209fail:
    209210  result = 0;
    210211
    211212cleanup:
    _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, 
    330331  gnutls_datum_t cert_signed_data = { NULL, 0 };
    331332  gnutls_datum_t cert_signature = { NULL, 0 };
    332333  gnutls_x509_crt_t issuer = NULL;
    333   int issuer_version, result;
     334  int issuer_version, result = 0;
    334335
    335336  if (output)
    336337    *output = 0;
    _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, 
    363364  if (issuer_version < 0)
    364365    {
    365366      gnutls_assert ();
    366       return issuer_version;
     367      return 0;
    367368    }
    368369
    369370  if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
    _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, 
    385386  if (result < 0)
    386387    {
    387388      gnutls_assert ();
     389      result = 0;
    388390      goto cleanup;
    389391    }
    390392
    _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, 
    393395  if (result < 0)
    394396    {
    395397      gnutls_assert ();
     398      result = 0;
    396399      goto cleanup;
    397400    }
    398401
    _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, 
    410413  else if (result < 0)
    411414    {
    412415      gnutls_assert();
     416      result = 0;
    413417      goto cleanup;
    414418    }
    415419
Note: See TracBrowser for help on using the repository browser.