Source:
Info:
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c,
when used on a client that performs nonstandard session resumption, allows remote
TLS servers to cause a denial of service (application crash) via a large SessionTicket.
Status:
Need to determine if this patch has been sent upstream.
--- gnutls-2.8.6/lib/gnutls_session.c.orig Fri Apr 6 11:19:30 2012
+++ gnutls-2.8.6/lib/gnutls_session.c Fri Apr 6 11:19:51 2012
@@ -64,7 +64,6 @@
gnutls_assert ();
return ret;
}
- *session_data_size = psession.size;
if (psession.size > *session_data_size)
{
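Review bot: The comparison `psession.size > *session_data_size` now trusts the value the caller passed in, so it only protects the buffer if the caller set `*session_data_size` to the real capacity of `session_data` before the call. Nothing in these lines states that requirement. Please document it in the function comment (input: capacity of `session_data`; output: bytes written), because a caller that leaves the variable uninitialised or oversized gets no bounds check at all.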
@@ -71,6 +70,7 @@
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto error;
}
+ *session_data_size = psession.size;
if (session_data != NULL)
memcpy (session_data, psession.data, psession.size);
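Review bot: In the short-buffer branch (`ret = GNUTLS_E_SHORT_MEMORY_BUFFER; goto error;`) `*session_data_size` is left at the caller's value, because the assignment now comes only after the branch. A caller that receives the error cannot tell how large a buffer to retry with. A caller that passes `session_data == NULL` with a small size to query the length also takes this branch before reaching `if (session_data != NULL)`. Consider also setting `*session_data_size = psession.size;` inside the branch, ahead of the `goto error`, so the required size is reported on both paths while the `memcpy` stays guarded.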