gnutls/patches/06-cve-2014-0092.patch

Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not
properly handle unspecified errors when verifying X.509 certificates from SSL
servers, which allows man-in-the-middle attackers to spoof servers via a
crafted certificate.
Status:
Need to determine if this patch has been sent upstream.

--- gnutls-2.8.6/lib/x509/verify.c.orig Thu Mar  6 14:01:51 2014
+++ gnutls-2.8.6/lib/x509/verify.c  Thu Mar  6 14:50:52 2014
@@ -112,7 +112,7 @@
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }

   result =
@@ -121,7 +121,7 @@
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }

   result =
@@ -129,7 +129,7 @@
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }

   result =
@@ -137,7 +137,7 @@
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }

   /* If the subject certificate is the same as the issuer
@@ -177,6 +177,7 @@
   else
     gnutls_assert ();

+fail:
   result = 0;

 cleanup:
@@ -269,7 +270,7 @@
   gnutls_datum_t cert_signed_data = { NULL, 0 };
   gnutls_datum_t cert_signature = { NULL, 0 };
   gnutls_x509_crt_t issuer;
-  int ret, issuer_version, result;
+  int ret, issuer_version, result = 0;

   if (output)
     *output = 0;
@@ -299,7 +300,7 @@
   if (issuer_version < 0)
     {
       gnutls_assert ();
-      return issuer_version;
+      return 0;
     }

   if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
@@ -320,6 +321,7 @@
   if (result < 0)
     {
       gnutls_assert ();
+      result = 0;
       goto cleanup;
     }

@@ -328,23 +330,25 @@
   if (result < 0)
     {
       gnutls_assert ();
+      result = 0;
       goto cleanup;
     }

-  ret =
+  result =
     _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
                   issuer);
-  if (ret < 0)
+  if (result < 0)
     {
+      result = 0;
       gnutls_assert ();
+      goto cleanup;
     }
-  else if (ret == 0)
+  else if (result == 0)
     {
       gnutls_assert ();
       /* error. ignore it */
       if (output)
    *output |= GNUTLS_CERT_INVALID;
-      ret = 0;
     }

   /* If the certificate is not self signed check if the algorithms
@@ -364,11 +368,10 @@
    {
      if (output)
        *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
-     ret = 0;
+     result = 0;
    }
     }

-  result = ret;

 cleanup:
   _gnutls_free_datum (&cert_signed_data);