Overview

File gnutls-CVE-2017-10790.patch of Package gnutls.8596

commit d8d805e1f2e6799bb2dff4871a8598dc83088a39
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jun 22 16:31:37 2017 +0200

    _asn1_check_identifier: safer access to values read
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Index: gnutls-3.2.15/lib/minitasn1/parser_aux.c
===================================================================
--- gnutls-3.2.15.orig/lib/minitasn1/parser_aux.c	2018-08-27 14:54:54.286466478 +0200
+++ gnutls-3.2.15/lib/minitasn1/parser_aux.c	2018-08-27 14:54:54.778469629 +0200
@@ -923,7 +923,7 @@ _asn1_check_identifier (asn1_node node)
 	  if (p2 == NULL)
 	    {
 	      if (p->value)
-		_asn1_strcpy (_asn1_identifierMissing, p->value);
+		_asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
 	      else
 		_asn1_strcpy (_asn1_identifierMissing, "(null)");
 	      return ASN1_IDENTIFIER_NOT_FOUND;
@@ -936,9 +936,15 @@ _asn1_check_identifier (asn1_node node)
 	  if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
 	    {
 	      _asn1_str_cpy (name2, sizeof (name2), node->name);
-	      _asn1_str_cat (name2, sizeof (name2), ".");
-	      _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
-	      _asn1_strcpy (_asn1_identifierMissing, p2->value);
+	      if (p2->value)
+	        {
+	          _asn1_str_cat (name2, sizeof (name2), ".");
+	          _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+	          _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+	        }
+	      else
+		_asn1_strcpy (_asn1_identifierMissing, "(null)");
+
 	      p2 = asn1_find_node (node, name2);
 	      if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
 		  !(p2->type & CONST_ASSIGN))
@@ -958,7 +964,8 @@ _asn1_check_identifier (asn1_node node)
 		  _asn1_str_cpy (name2, sizeof (name2), node->name);
 		  _asn1_str_cat (name2, sizeof (name2), ".");
 		  _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
-		  _asn1_strcpy (_asn1_identifierMissing, p2->value);
+		  _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+
 		  p2 = asn1_find_node (node, name2);
 		  if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
 		      || !(p2->type & CONST_ASSIGN))
openSUSE Build Service is sponsored by
Places