diff options
| author | cy <cy@FreeBSD.org> | 2014-06-05 02:51:20 +0800 |
|---|---|---|
| committer | cy <cy@FreeBSD.org> | 2014-06-05 02:51:20 +0800 |
| commit | 5208b6de8fb45feebbd1c7f8b9e59bffbef041eb (patch) | |
| tree | e07fad23f756498f3145b143e9e9ffaeb49f70f6 /security | |
| parent | e14d6cc52791c05f72cb1f4dca426cdd70182ca3 (diff) | |
| download | freebsd-ports-gnome-5208b6de8fb45feebbd1c7f8b9e59bffbef041eb.tar.gz freebsd-ports-gnome-5208b6de8fb45feebbd1c7f8b9e59bffbef041eb.tar.zst freebsd-ports-gnome-5208b6de8fb45feebbd1c7f8b9e59bffbef041eb.zip | |
Patch CVE-2014-3466 to prevent memory corruption due to server hello parsing.
Obtained from: https://gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
Security: CVE-2014-3466, 9733c480-ebff-11e3-970b-206a8a720317
Diffstat (limited to 'security')
| -rw-r--r-- | security/gnutls/Makefile | 2 | ||||
| -rw-r--r-- | security/gnutls/files/patch-lib-gnutls_handshake.c | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 009e98c310a0..7b4dfcdc8a9b 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -3,7 +3,7 @@ PORTNAME= gnutls PORTVERSION= 2.12.23 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security net MASTER_SITES= \ ftp://ftp.gnutls.org/gcrypt/gnutls/v${PORTVERSION:C/.[0-9]+$//}/ \ diff --git a/security/gnutls/files/patch-lib-gnutls_handshake.c b/security/gnutls/files/patch-lib-gnutls_handshake.c new file mode 100644 index 000000000000..8ecac0686495 --- /dev/null +++ b/security/gnutls/files/patch-lib-gnutls_handshake.c @@ -0,0 +1,11 @@ +--- lib/gnutls_handshake.c.orig 2012-11-03 06:03:47.000000000 -0700 ++++ lib/gnutls_handshake.c 2014-06-04 07:55:49.138570114 -0700 +@@ -1797,7 +1797,7 @@ + DECR_LEN (len, 1); + session_id_len = data[pos++]; + +- if (len < session_id_len) ++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; |