File gnutls-CVE-2016-7444.patch of Package gnutls.5070

From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 27 Aug 2016 17:00:22 +0200
Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response

Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.

Reported by Stefan Buehler.
---
 lib/x509/ocsp.c | 1 +
 1 file changed, 1 insertion(+), 0 deletions(-)

Index: gnutls-3.2.15/lib/x509/ocsp.c
===================================================================
--- gnutls-3.2.15.orig/lib/x509/ocsp.c	2013-11-10 18:59:14.000000000 +0100
+++ gnutls-3.2.15/lib/x509/ocsp.c	2017-01-12 17:28:50.556202498 +0100
@@ -1251,6 +1251,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_r
 		gnutls_assert();
 		goto cleanup;
 	}
+	cserial.size = t;
 
 	if (rserial.size != cserial.size
 	    || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
openSUSE Build Service is sponsored by