File CVE-2012-0390.patch of Package gnutls.383

Index: gnutls-2.8.6/lib/gnutls_cipher.c
===================================================================
--- gnutls-2.8.6.orig/lib/gnutls_cipher.c
+++ gnutls-2.8.6/lib/gnutls_cipher.c
@@ -541,7 +541,12 @@ _gnutls_ciphertext2compressed (gnutls_se
     }
 
   if (length < 0)
-    length = 0;
+  {
+	  /* Setting a proper length to prevent timing differences in
+	   * processing of records with invalid encryption.
+	   */
+	  length = ciphertext.size - hash_size;
+  }
   c_length = _gnutls_conv_uint16 ((uint16_t) length);
 
   /* Pass the type, version, length and compressed through
openSUSE Build Service is sponsored by