Package: gnutls26 / 2.12.20-8+deb7u5

42_CVE-2015-8313.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Description: Fix off by one issue in padding check (CVE-2015-8313)
Origin: other, https://blog.hboeck.de/uploads/gnutls-2-fix-small-poodle.diff
Bug-Ubuntu: https://launchpad.net/bugs/1510163
Forwarded: not-needed
Author: Hanno Boeck <hanno@hboeck.de>
Last-Update: 2015-11-30

--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -569,7 +569,7 @@ _gnutls_ciphertext2compressed (gnutls_se
        * because there is a timing channel in that memory access (in certain CPUs).
        */
       if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0)
-        for (i = 2; i <= pad; i++)
+        for (i = 2; i <= pad+1; i++)
           {
             if (ciphertext.data[ciphertext.size - i] != pad)
               pad_failed = GNUTLS_E_DECRYPTION_FAILED;