blob: 0f933d179387271268d1737e0cac66df6312cfbc (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From 944118eba2ba7d1ffae2402e50e143e34d3a42ba Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Sun, 29 Sep 2013
Subject: CVE-2011-4128 [GNUTLS-SA-2011-2]
gnutls_session_get_data: fix possible buffer overflow
This is a backport adaptation for use with GnuTLS 2.8.4.
Relevant upstream commits:
--------------------------
https://gitorious.org/gnutls/gnutls/commit/190cef6eed37d0
https://gitorious.org/gnutls/gnutls/commit/e82ef4545e9e98
---
gnutls_session.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/lib/gnutls_session.c 2013-09-27
+++ b/lib/gnutls_session.c 2013-09-27
@@ -64,13 +64,14 @@ gnutls_session_get_data (gnutls_session_
gnutls_assert ();
return ret;
}
- *session_data_size = psession.size;
if (psession.size > *session_data_size)
{
+ *session_data_size = psession.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto error;
}
+ *session_data_size = psession.size;
if (session_data != NULL)
memcpy (session_data, psession.data, psession.size);
|