blob: 6ab68469e666eddefcd52879f348f7800b439517 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From d9f1638a89524a780dfd132b18113bdfd6275b2c Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Sun, 29 Sep 2013
Subject: CVE-2011-4128 [GNUTLS-SA-2011-2]
gnutls_session_get_data: fix possible buffer overflow
This is a backport adaptation for use with GnuTLS 2.10.5.
Relevant upstream commits:
--------------------------
https://gitorious.org/gnutls/gnutls/commit/190cef6eed37d0
https://gitorious.org/gnutls/gnutls/commit/e82ef4545e9e98
---
gnutls_session.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/lib/gnutls_session.c 2013-09-27
+++ b/lib/gnutls_session.c 2013-09-27
@@ -65,13 +65,14 @@ gnutls_session_get_data (gnutls_session_
gnutls_assert ();
return ret;
}
- *session_data_size = psession.size;
if (psession.size > *session_data_size)
{
+ *session_data_size = psession.size;
ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
goto error;
}
+ *session_data_size = psession.size;
if (session_data != NULL)
memcpy (session_data, psession.data, psession.size);
|
