Hello community, here is the log from the commit of package gnutls for openSUSE:13.1 checked in at 2013-10-29 10:13:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/gnutls (Old) and /work/SRC/openSUSE:13.1/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Changes: -------- --- /work/SRC/openSUSE:13.1/gnutls/gnutls.changes 2013-09-23 10:52:35.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.gnutls.new/gnutls.changes 2013-10-29 10:13:36.000000000 +0100 @@ -1,0 +2,6 @@ +Fri Oct 25 04:22:30 UTC 2013 - shch...@suse.com + +- Fix bug[ bnc#847484], CVE-2013-4466 ( DoS in libdane) + Add patch file: CVE-2013-4466.patch + +------------------------------------------------------------------- New: ---- CVE-2013-4466.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.brmHZT/_old 2013-10-29 10:13:36.000000000 +0100 +++ /var/tmp/diff_new_pack.brmHZT/_new 2013-10-29 10:13:36.000000000 +0100 @@ -40,6 +40,7 @@ Patch5: gnutls-3.2.4-noecc.patch Patch6: gnutls-implement-trust-store-dir.diff Patch7: make-obs-happy-with-gnutls_3.2.4.patch +Patch8: CVE-2013-4466.patch BuildRequires: automake BuildRequires: gcc-c++ @@ -142,6 +143,7 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build autoreconf -if ++++++ CVE-2013-4466.patch ++++++ Index: gnutls-3.2.4/libdane/dane.c =================================================================== --- gnutls-3.2.4.orig/libdane/dane.c +++ gnutls-3.2.4/libdane/dane.c 
@@ -233,77 +233,71 @@ int ret; **/ void dane_query_deinit(dane_query_t q) { - ub_resolve_free(q->result); + if (q->result) + ub_resolve_free(q->result); free(q); } /** - * dane_query_tlsa: + * dane_raw_tlsa: * @s: The DANE state structure * @r: A structure to place the result - * @host: The host name to resolve. - * @proto: The protocol type (tcp, udp, etc.) - * @port: The service port number (eg. 443). + * @dane_data: array of DNS rdata items, terminated with a NULL pointer; + * caller must guarantee that the referenced data remains + * valid until dane_query_deinit() is called. + * @dane_data_len: the length n bytes of the dane_data items + * @param secure true if the result is validated securely, false if + * validation failed or the domain queried has no security info + * @param bogus if the result was not secure (secure = 0) due to a security failure, + * and the result is due to a security failure, bogus is true. * - * This function will query the DNS server for the TLSA (DANE) - * data for the given host. + * This function will fill in the TLSA (DANE) structure from + * the given raw DNS record data. * * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a * negative error value. 
**/ -int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port) +int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data, const int *dane_data_len, int secure, int bogus) { - char ns[1024]; int ret; unsigned int i; *r = calloc(1, sizeof(struct dane_query_st)); if (*r == NULL) return gnutls_assert_val(DANE_E_MEMORY_ERROR); - - snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host); - - /* query for webserver */ - ret = ub_resolve(s->ctx, ns, 52, 1, &(*r)->result); - if(ret != 0) { - return gnutls_assert_val(DANE_E_RESOLVING_ERROR); - } - -/* show first result */ - if(!(*r)->result->havedata) { - return gnutls_assert_val(DANE_E_NO_DANE_DATA); - } - + i = 0; do { - if ((*r)->result->len[i] > 3) + if (dane_data_len[i] > 3) ret = DANE_E_SUCCESS; else { return gnutls_assert_val(DANE_E_RECEIVED_CORRUPT_DATA); } - - (*r)->usage[i] = (*r)->result->data[i][0]; - (*r)->type[i] = (*r)->result->data[i][1]; - (*r)->match[i] = (*r)->result->data[i][2]; - (*r)->data[i].data = (void*)&(*r)->result->data[i][3]; - (*r)->data[i].size = (*r)->result->len[i] - 3; + + (*r)->usage[i] = dane_data[i][0]; + (*r)->type[i] = dane_data[i][1]; + (*r)->match[i] = dane_data[i][2]; + (*r)->data[i].data = (void*)&dane_data[i][3]; + (*r)->data[i].size = dane_data_len[i] - 3; i++; - } while((*r)->result->data[i] != NULL); - + if (i > MAX_DATA_ENTRIES) + break; + } while(dane_data[i] != NULL); + (*r)->data_entries = i; - if (!(s->flags & DANE_F_INSECURE) && !(*r)->result->secure) { - if ((*r)->result->bogus) + if (!(s->flags & DANE_F_INSECURE) && !secure) { + if (bogus) ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG); else ret = gnutls_assert_val(DANE_E_NO_DNSSEC_SIG); } /* show security status */ - if ((*r)->result->secure) { + if (secure) { (*r)->status = DANE_QUERY_DNSSEC_VERIFIED; - } else if ((*r)->result->bogus) { + } else if (bogus) { gnutls_assert(); (*r)->status = DANE_QUERY_BOGUS; } else { 
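Review bot: The new bound check in dane_raw_tlsa, `if (i > MAX_DATA_ENTRIES) break;`, is evaluated after `i++`, so when `i` reaches MAX_DATA_ENTRIES the loop still runs one more iteration and writes `(*r)->usage[i]`, `type[i]`, `match[i]` and `data[i]` at that index; if those arrays are declared with MAX_DATA_ENTRIES elements (the struct definition is not in the hunk), that is a one-past-the-end write and the test should be `if (i >= MAX_DATA_ENTRIES) break;`. The early `return gnutls_assert_val(DANE_E_RECEIVED_CORRUPT_DATA);` leaves `*r` allocated and non-NULL, and dane_query_tlsa in the next hunk uses `*r == NULL` as its only signal to release `result`, so on corrupt data the caller gets an error together with a live query object; unless callers are expected to call dane_query_deinit() after a failure, `free(*r); *r = NULL;` before that return closes the leak and keeps the two paths consistent. The docblock also mixes the gtk-doc `@name:` form with `@param secure` / `@param bogus`, and `the length n bytes of the dane_data items` should read `the length in bytes`. dane_raw_tlsa's closing lines lie between this hunk and the next.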
@@ -314,8 +308,53 @@ int dane_query_tlsa(dane_state_t s, dane return ret; } -static unsigned int matches(const gnutls_datum_t *raw1, const gnutls_datum_t *raw2, - dane_match_type_t match) + +/** + * dane_query_tlsa: + * @s: The DANE state structure + * @r: A structure to place the result + * @host: The host name to resolve. + * @proto: The protocol type (tcp, udp, etc.) + * @port: The service port number (eg. 443). + * + * This function will query the DNS server for the TLSA (DANE) + * data for the given host. + * + * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a + * negative error value. + **/ +int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port) +{ + char ns[1024]; + int ret; + struct ub_result *result; + + snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host); + + /* query for webserver */ + ret = ub_resolve(s->ctx, ns, 52, 1, &result); + if(ret != 0) { + return gnutls_assert_val(DANE_E_RESOLVING_ERROR); + } + + /* show first result */ + if(!result->havedata) { + ub_resolve_free (result); + return gnutls_assert_val(DANE_E_NO_DANE_DATA); + } + + ret = dane_raw_tlsa (s, r, result->data, result->len, result->secure, result->bogus); + if (*r == NULL) { + ub_resolve_free (result); + return ret; + } + + (*r)->result = result; + return ret; +} + +static unsigned int matches(const gnutls_datum_t *raw1, const gnutls_datum_t *raw2, + dane_match_type_t match) { uint8_t digest[64]; int ret; Index: gnutls-3.2.4/libdane/includes/gnutls/dane.h =================================================================== --- gnutls-3.2.4.orig/libdane/includes/gnutls/dane.h +++ gnutls-3.2.4/libdane/includes/gnutls/dane.h 
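Review bot: In the re-added dane_query_tlsa the return value of `snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);` is ignored, so a host or proto string that does not fit the 1024-byte buffer is silently truncated and a different name is handed to ub_resolve(); capturing it as `ret = snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);` and following with `if (ret < 0 || (size_t)ret >= sizeof(ns)) return gnutls_assert_val(DANE_E_RESOLVING_ERROR);` (or a more specific error code if the library has one) rejects such input before any query is made. The `52` and `1` passed to ub_resolve() are the TLSA record type and the IN class written as bare numbers; naming them, e.g. `#define TLSA_RR_TYPE 52` and `#define DNS_CLASS_IN 1` near the top of the file, would make the call self-explanatory. The restored docblock still says only "otherwise a negative error value" and should state whether `*r` is valid and must be released by the caller when an error is returned, since that now depends on how dane_raw_tlsa failed.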
@@ -109,6 +109,8 @@ int dane_state_init (dane_state_t* s, un
 int dane_state_set_dlv_file(dane_state_t s, const char* file);
 void dane_state_deinit (dane_state_t s);
+int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data, const int *dane_data_len, int secure, int bogus);
+
 int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port);
 dane_query_status_t dane_query_status(dane_query_t q);
-- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org