rpms/gnutls/devel gnutls-1.4.2-cve-2006-4790.patch,NONE,1.1
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Sep 14 12:40:08 UTC 2006
- Previous message (by thread): rpms/gnutls/devel gnutls.spec,1.23,1.24
- Next message (by thread): rpms/kernel/devel linux-2.6-hdrcheck-biarchfix.patch, NONE, 1.1 linux-2.6-hdrcheck-i386.patch, NONE, 1.1 linux-2.6-hdrcheck-ia64.patch, NONE, 1.1 linux-2.6-hdrcheck-s390.patch, NONE, 1.1 linux-2.6-hdrcheck-x86_64.patch, NONE, 1.1 patch-2.6.18-rc7-git1.bz2.sign, NONE, 1.1 .cvsignore, 1.525, 1.526 kernel-2.6.spec, 1.2647, 1.2648 sources, 1.488, 1.489 upstream, 1.423, 1.424
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/dist/rpms/gnutls/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31022
Added Files:
gnutls-1.4.2-cve-2006-4790.patch
Log Message:
* Thu Sep 14 2006 Tomas Mraz <tmraz at redhat.com> 1.4.1-2
- detect forged signatures - CVE-2006-4790 (#206411), patch
from upstream
gnutls-1.4.2-cve-2006-4790.patch:
verify.c | 13 +++++++++++++
1 files changed, 13 insertions(+)
--- NEW FILE gnutls-1.4.2-cve-2006-4790.patch ---
Make sure the digestAlgorithm.parameters field is empty, which it has
to be for the hashes we support. Otherwise, the field can encode
"garbage" that might be used to make the signature be a perfect cube,
similar (but not identical) to Bleichenbacher's Crypto 06 rump session
attack.
Index: verify.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/x509/verify.c,v
retrieving revision 1.52
retrieving revision 1.55
diff -u -p -r1.52 -r1.55
--- gnutls/lib/x509/verify.c 7 Nov 2005 23:28:02 -0000 1.52
+++ gnutls/lib/x509/verify.c 12 Sep 2006 13:11:23 -0000 1.55
@@ -505,6 +505,19 @@ decode_ber_digest_info (const gnutls_dat
return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
}
+ len = sizeof (str) - 1;
+ result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == 2 &&
+ str[0] == 0x05 && str[1] == 0x00)))
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
result = asn1_read_value (dinfo, "digest", digest, digest_size);
if (result != ASN1_SUCCESS)
{
- Previous message (by thread): rpms/gnutls/devel gnutls.spec,1.23,1.24
- Next message (by thread): rpms/kernel/devel linux-2.6-hdrcheck-biarchfix.patch, NONE, 1.1 linux-2.6-hdrcheck-i386.patch, NONE, 1.1 linux-2.6-hdrcheck-ia64.patch, NONE, 1.1 linux-2.6-hdrcheck-s390.patch, NONE, 1.1 linux-2.6-hdrcheck-x86_64.patch, NONE, 1.1 patch-2.6.18-rc7-git1.bz2.sign, NONE, 1.1 .cvsignore, 1.525, 1.526 kernel-2.6.spec, 1.2647, 1.2648 sources, 1.488, 1.489 upstream, 1.423, 1.424
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list