gnutls/patches/07-cve-2014-3465.patch

Source:
http://www.gnutls.org/security.html
Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before
3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of
service (NULL pointer dereference) via a crafted X.509 certificate, related to
a missing LDAP description for an OID when printing the DN.
Status:
Need to determine if this patch has been sent upstream.

--- gnutls-2.8.6/lib/x509/common.c.orig 2014-06-05 10:06:21.669353689 +0530
+++ gnutls-2.8.6/lib/x509/common.c  2014-06-05 10:09:33.428829187 +0530
@@ -160,7 +160,7 @@ _gnutls_x509_oid2ldap_string (const char

   do
     {
-      if (strcmp (_oid2str[i].oid, oid) == 0)
+      if (strcmp (_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL)
    return _oid2str[i].ldap_desc;
       i++;
     }