Overview

File gnutls-CVE-2025-32989.patch of Package gnutls.39718

From 8e5ca951257202089246fa37e93a99d210ee5ca2 Mon Sep 17 00:00:00 2001
From: Andrew Hamilton <adhamilt@gmail.com>
Date: Mon, 7 Jul 2025 10:23:59 +0900
Subject: [PATCH] x509: fix read buffer overrun in SCT timestamps

Prevent reading beyond heap buffer in call to _gnutls_parse_ct_sct
when processing x509 Signed Certificate Timestamps with certain
malformed data. Spotted by oss-fuzz at:
https://issues.oss-fuzz.com/issues/42530513

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 NEWS                                             |   6 +++++-
 .../04939b75417cc95b7372c6f208c4bda4579bdc34     | Bin 0 -> 1782 bytes
 lib/x509/x509_ext.c                              |   2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 fuzz/gnutls_x509_parser_fuzzer.repro/04939b75417cc95b7372c6f208c4bda4579bdc34

diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 0301a594c2..4b3e552536 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -3760,7 +3760,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext,
 	}
 
 	length = _gnutls_read_uint16(scts_content.data);
-	if (length < 4) {
+	if (length < 4 || length > scts_content.size) {
 		gnutls_free(scts_content.data);
 		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
 	}
-- 
GitLab
openSUSE Build Service is sponsored by
Places