File gnutls-CVE-2014-8564.patch of Package gnutls.3982

commit a737abecf1affa08469ca2e9804eb3b6e95027e9
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 10 07:44:11 2014 +0100

    when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
    
    Reported by Sean Burford.

Index: gnutls-3.2.4/lib/gnutls_ecc.c
===================================================================
--- gnutls-3.2.4.orig/lib/gnutls_ecc.c
+++ gnutls-3.2.4/lib/gnutls_ecc.c
@@ -53,20 +53,36 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc
 
   /* pad and store x */
   byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
+  if (numlen < byte_size) {
+    ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+    goto cleanup;
+  }
+
   size = out->size - (1 + (numlen - byte_size));
   ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
-  if (ret < 0)
-    return gnutls_assert_val (ret);
+  if (ret < 0) {
+    gnutls_assert();
+    goto cleanup;
+  }
 
   byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
+  if (numlen < byte_size) {
+    ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+    goto cleanup;
+  }
   size = out->size - (1 + (numlen + numlen - byte_size));
   ret =
     _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
-  if (ret < 0)
-    return gnutls_assert_val (ret);
+  if (ret < 0) {
+    gnutls_assert();
+    goto cleanup;
+  }
 
   /* pad and store y */
   return 0;
+cleanup:
+  _gnutls_free_datum(out);
+  return ret;
 }
 
 
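Review bot: The two new `numlen < byte_size` guards carry no comment saying why they exist, and they are the whole security fix here: without them `numlen - byte_size` goes out of range and the offset handed to `_gnutls_mpi_print` no longer lies inside `out->data` (the declarations are outside the hunk, so the exact wrap behaviour is inferred). I would add above each guard something like `/* coordinate must fit in numlen bytes, otherwise the offset below falls outside out->data */`. The existing `/* pad and store y */` comment sits after the y block, just before `return 0;`; it belongs above the second `byte_size = ...` assignment. The function begins before this hunk, so the allocation of `out` and the definition of `numlen` are not visible here.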