gnutls/patches/02-cve-2012-1573.patch

Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15
does not properly handle data encrypted with a block cipher, which allows
remote attackers to cause a denial of service (heap memory corruption and
application crash) via a crafted record, as demonstrated by a crafted
GenericBlockCipher structure.
Status:
Need to determine if this patch has been sent upstream.

--- gnutls-2.8.6/lib/gnutls_cipher.c.orig   Mon Nov  2 18:30:39 2009
+++ gnutls-2.8.6/lib/gnutls_cipher.c    Fri Apr  6 11:09:15 2012
@@ -502,12 +502,12 @@
      ciphertext.size -= blocksize;
      ciphertext.data += blocksize;

-     if (ciphertext.size == 0)
-       {
-         gnutls_assert ();
-         return GNUTLS_E_DECRYPTION_FAILED;
-       }
    }
+      if (ciphertext.size < hash_size)
+   {
+     gnutls_assert ();
+     return GNUTLS_E_DECRYPTION_FAILED;
+   }

       pad = ciphertext.data[ciphertext.size - 1] + 1;  /* pad */