Overview

File CVE-2013-4466.patch of Package gnutls.3982

Index: gnutls-3.2.4/libdane/dane.c
===================================================================
--- gnutls-3.2.4.orig/libdane/dane.c
+++ gnutls-3.2.4/libdane/dane.c
@@ -233,77 +233,71 @@ int ret;
  **/
 void dane_query_deinit(dane_query_t q)
 {
-	ub_resolve_free(q->result);
+	if (q->result) 
+		ub_resolve_free(q->result);
 	free(q);
 }
 
 /**
- * dane_query_tlsa:
+ * dane_raw_tlsa:
  * @s: The DANE state structure
  * @r: A structure to place the result
- * @host: The host name to resolve.
- * @proto: The protocol type (tcp, udp, etc.)
- * @port: The service port number (eg. 443).
+ * @dane_data: array of DNS rdata items, terminated with a NULL pointer;
+ *             caller must guarantee that the referenced data remains
+ *             valid until dane_query_deinit() is called.
+ * @dane_data_len: the length n bytes of the dane_data items
+ * @param secure true if the result is validated securely, false if
+ *               validation failed or the domain queried has no security info
+ * @param bogus if the result was not secure (secure = 0) due to a security failure,
+ *              and the result is due to a security failure, bogus is true.
  *
- * This function will query the DNS server for the TLSA (DANE)
- * data for the given host.
+ * This function will fill in the TLSA (DANE) structure from
+ * the given raw DNS record data.
  *
  * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  **/
-int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port)
+int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data, const int *dane_data_len, int secure, int bogus)
 {
-	char ns[1024];
 	int ret;
 	unsigned int i;
 
 	*r = calloc(1, sizeof(struct dane_query_st));
 	if (*r == NULL)
 		return gnutls_assert_val(DANE_E_MEMORY_ERROR);
-
-	snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
-
-	/* query for webserver */
-	ret = ub_resolve(s->ctx, ns, 52, 1, &(*r)->result);
-	if(ret != 0) {
-		return gnutls_assert_val(DANE_E_RESOLVING_ERROR);
-	}
-
-/* show first result */
-	if(!(*r)->result->havedata) {
-		return gnutls_assert_val(DANE_E_NO_DANE_DATA);
-	}
-
+	
 	i = 0;
 	do {
 
-		if ((*r)->result->len[i] > 3)
+		if (dane_data_len[i] > 3)
 			ret = DANE_E_SUCCESS;
 		else {
 			return gnutls_assert_val(DANE_E_RECEIVED_CORRUPT_DATA);
 		}
-	
-		(*r)->usage[i] = (*r)->result->data[i][0];
-		(*r)->type[i] = (*r)->result->data[i][1];
-		(*r)->match[i] = (*r)->result->data[i][2];
-		(*r)->data[i].data = (void*)&(*r)->result->data[i][3];
-		(*r)->data[i].size = (*r)->result->len[i] - 3;
+
+		(*r)->usage[i] = dane_data[i][0];
+		(*r)->type[i] = dane_data[i][1];
+		(*r)->match[i] = dane_data[i][2];
+		(*r)->data[i].data = (void*)&dane_data[i][3];
+		(*r)->data[i].size = dane_data_len[i] - 3;
 		i++;
-	} while((*r)->result->data[i] != NULL);
-	
+		if (i > MAX_DATA_ENTRIES)
+			break;
+	} while(dane_data[i] != NULL);
+
 	(*r)->data_entries = i;
 
-	if (!(s->flags & DANE_F_INSECURE) && !(*r)->result->secure) {
-		if ((*r)->result->bogus)
+	if (!(s->flags & DANE_F_INSECURE) && !secure) {
+		if (bogus)
 			ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG);
 		else
 			ret = gnutls_assert_val(DANE_E_NO_DNSSEC_SIG);
 	}
 
 	/* show security status */
-	if ((*r)->result->secure) {
+	if (secure) {
 		(*r)->status = DANE_QUERY_DNSSEC_VERIFIED;
-	} else if ((*r)->result->bogus) {
+	} else if (bogus) {
 	        gnutls_assert();
 		(*r)->status = DANE_QUERY_BOGUS;
 	} else {
@@ -314,8 +308,53 @@ int dane_query_tlsa(dane_state_t s, dane
 	return ret;
 }
 
-static unsigned int matches(const gnutls_datum_t *raw1, const gnutls_datum_t *raw2, 
-							dane_match_type_t match)
+
+/**
+ * dane_query_tlsa:
+ * @s: The DANE state structure
+ * @r: A structure to place the result
+ * @host: The host name to resolve.
+ * @proto: The protocol type (tcp, udp, etc.)
+ * @port: The service port number (eg. 443).
+ *
+ * This function will query the DNS server for the TLSA (DANE)
+ * data for the given host.
+ *
+ * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ **/
+int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port)
+{
+	char ns[1024];
+	int ret;
+	struct ub_result *result;
+
+	snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
+		
+	/* query for webserver */
+	ret = ub_resolve(s->ctx, ns, 52, 1, &result);
+	if(ret != 0) {
+		return gnutls_assert_val(DANE_E_RESOLVING_ERROR);
+	}
+		
+	/* show first result */
+	if(!result->havedata) {
+		ub_resolve_free (result);
+		return gnutls_assert_val(DANE_E_NO_DANE_DATA);
+	}
+
+	ret = dane_raw_tlsa (s, r, result->data, result->len, result->secure, result->bogus);
+	if (*r == NULL) {
+		ub_resolve_free (result);
+		return ret;
+	}
+	
+	(*r)->result = result;
+	return ret;
+}
+
+static unsigned int matches(const gnutls_datum_t *raw1, const gnutls_datum_t *raw2,
+		dane_match_type_t match)
 {
 uint8_t digest[64];
 int ret;
Index: gnutls-3.2.4/libdane/includes/gnutls/dane.h
===================================================================
--- gnutls-3.2.4.orig/libdane/includes/gnutls/dane.h
+++ gnutls-3.2.4/libdane/includes/gnutls/dane.h
@@ -109,6 +109,8 @@ int dane_state_init (dane_state_t* s, un
 int dane_state_set_dlv_file(dane_state_t s, const char* file);
 void dane_state_deinit (dane_state_t s);
 
+int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data, const int *dane_data_len, int secure, int bogus);
+
 int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port);
 
 dane_query_status_t dane_query_status(dane_query_t q);
openSUSE Build Service is sponsored by
Places