File _service:tar_git:CVE-2015-0294.patch of Package gnutls
From 2458d6d158fd523418e331e50abb35cd334bb795 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 23 Feb 2015 10:41:56 +0100
Subject: [PATCH] added fix for certificate algorithm consistency check
---
 lib/x509/x509.c | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 6db574c..f51ba3b 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -165,7 +165,7 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert,
 gnutls_x509_crt_fmt_t format)
 {
 int result = 0, need_free = 0;
- gnutls_datum_t _data;
+ gnutls_datum_t _data, sa1 = {NULL, 0}, sa2 = {NULL, 0};
 if (cert == NULL)
 {
@@ -233,6 +233,36 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert,
 goto cleanup;
 }
+ result =
+ _gnutls_x509_read_value (cert->cert, "tbsCertificate.signature.algorithm",
+ &sa1, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_read_value (cert->cert, "signatureAlgorithm.algorithm",
+ &sa2, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (sa1.size != sa2.size || sa1.size == 0 || strcmp(sa1.data, sa2.data) != 0)
+ {
+ result = GNUTLS_E_CERTIFICATE_ERROR;
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum (&sa1);
+ _gnutls_free_datum (&sa2);
+
 /* Since we do not want to disable any extension */
 cert->use_extensions = 1;
@@ -242,6 +272,8 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert,
 return 0;
 cleanup:
+ _gnutls_free_datum (&sa1);
+ _gnutls_free_datum (&sa2);
 if (need_free)
 _gnutls_free_datum (&_data);
 return result;
--
2.1.4
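Review bot: The comparison `strcmp(sa1.data, sa2.data)` in the second hunk (the block added at new line 233) depends on both values being NUL-terminated, which nothing visible in the patch guarantees for the buffers filled by `_gnutls_x509_read_value`. Since the two sizes are already required to be equal and non-zero on the same line, a length-bounded compare cannot read past either buffer: `if (sa1.size != sa2.size || sa1.size == 0 || memcmp(sa1.data, sa2.data, sa1.size) != 0)`. That form also avoids handing what is presumably an `unsigned char *` datum field to `strcmp`. The check covers only the algorithm OID of `tbsCertificate.signature` and `signatureAlgorithm`; whether their parameters must also agree is not addressed here and is worth confirming separately. The body of `gnutls_x509_crt_import` starts and ends outside the hunks shown.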