Bug#309111: [GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Matthijs Mohlmann Sun, 15 May 2005 03:53:15 -0700

Hi,

Attached a patch from cvs which fixes the problem.


Regards,

Matthijs Mohlmann

===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_cipher.c,v
retrieving revision 2.70.2.4
retrieving revision 2.70.2.5
diff -u -r2.70.2.4 -r2.70.2.5
--- gnutls/lib/gnutls_cipher.c	2004/02/27 17:51:58	2.70.2.4
+++ gnutls/lib/gnutls_cipher.c	2005/04/27 17:43:56	2.70.2.5
@@ -448,7 +448,7 @@
 		
 		/* Check the pading bytes (TLS 1.x)
 		 */
-		if ( ver >= GNUTLS_TLS1)
+		if ( ver >= GNUTLS_TLS1 && pad_failed==0)
 		for (i=2;i<pad;i++) {
 			if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) 
 				pad_failed = GNUTLS_E_DECRYPTION_FAILED;
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_mpi.h,v
retrieving revision 2.18.4.5
retrieving revision 2.18.4.6
diff -u -r2.18.4.5 -r2.18.4.6
--- gnutls/lib/gnutls_mpi.h	2004/08/18 12:07:21	2.18.4.5
+++ gnutls/lib/gnutls_mpi.h	2005/04/27 17:43:56	2.18.4.6
@@ -26,6 +26,7 @@
 #define _gnutls_mpi_mul gcry_mpi_mul
 #define _gnutls_mpi_add gcry_mpi_add
 #define _gnutls_mpi_add_ui gcry_mpi_add_ui
+#define _gnutls_mpi_sub_ui gcry_mpi_sub_ui
 #define _gnutls_mpi_mul_ui gcry_mpi_mul_ui
 #define _gnutls_prime_check gcry_prime_check
 #define _gnutls_mpi_div gcry_mpi_div

signature.asc
Description: OpenPGP digital signature

Bug#309111: [GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Reply via email to