Package: gnutls26 / 2.8.6-1+squeeze3

22_gnutls-2.8.5-cve-2014-0092.patch Patch series | download
From 56071ff3831bbfb2cc43d2ea4cb58b11d6ac536c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 25 Feb 2014 15:57:55 +0100
Subject: [PATCH] corrected return codes

---
 lib/x509/verify.c | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index cc7850a..e7e2774 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -112,7 +112,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }
 
   result =
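Review bot: `check_if_ca` now exits through two labels, `fail` and `cleanup`, but nothing states that its result is a boolean (1 when the issuer is accepted as a CA, 0 otherwise) rather than a gnutls error code. The `result < 0` branches here and in the next three hunks are redirected to `fail`, yet any path that still reaches `cleanup` with a negative `result`, now or after a later edit, would again hand a non-zero value to callers that presumably test it as true/false. I would add a header comment such as `/* Returns 1 if issuer is accepted as a CA, 0 otherwise; never a negative error code. */` and `/* error paths land here so that result is forced to 0 */` above `fail:`. The function starts and ends outside these hunks, so the remaining `goto cleanup` sites could not be checked from here.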
@@ -121,7 +121,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }
 
   result =
@@ -129,7 +129,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }
 
   result =
@@ -137,7 +137,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
   if (result < 0)
     {
       gnutls_assert ();
-      goto cleanup;
+      goto fail;
     }
 
   /* If the subject certificate is the same as the issuer
@@ -177,6 +177,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
   else
     gnutls_assert ();
 
+fail:
   result = 0;
 
 cleanup:
@@ -269,7 +270,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
   gnutls_datum_t cert_signed_data = { NULL, 0 };
   gnutls_datum_t cert_signature = { NULL, 0 };
   gnutls_x509_crt_t issuer;
-  int ret, issuer_version, result;
+  int ret, issuer_version, result = 0;
 
   if (output)
     *output = 0;
@@ -299,7 +300,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
   if (issuer_version < 0)
     {
       gnutls_assert ();
-      return issuer_version;
+      return 0;
     }
 
   if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
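Review bot: The early `return 0;` for `issuer_version < 0` reports the failure through the return value only. `*output` was cleared to 0 at the top of the function and is left without `GNUTLS_CERT_INVALID`, unlike the `result == 0` signature branch further down, which sets it. The same holds for the `result = 0; goto cleanup;` error branches in the next two hunks. Whether every caller adds the flag itself is not visible here, so I would set it at the point of failure with `if (output) *output |= GNUTLS_CERT_INVALID;` before each of these exits. The function body continues outside the hunk.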
@@ -320,6 +321,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
   if (result < 0)
     {
       gnutls_assert ();
+      result = 0;
       goto cleanup;
     }
 
@@ -328,23 +330,25 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
   if (result < 0)
     {
       gnutls_assert ();
+      result = 0;
       goto cleanup;
     }
 
-  ret =
+  result =
     _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
 				   issuer);
-  if (ret < 0)
+  if (result < 0)
     {
+      result = 0;
       gnutls_assert ();
+      goto cleanup;
     }
-  else if (ret == 0)
+  else if (result == 0)
     {
       gnutls_assert ();
       /* error. ignore it */
       if (output)
 	*output |= GNUTLS_CERT_INVALID;
-      ret = 0;
     }
 
   /* If the certificate is not self signed check if the algorithms
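Review bot: The comment `/* error. ignore it */` in the `result == 0` branch is misleading after this change. That branch is the case where the signature did not verify: it sets `GNUTLS_CERT_INVALID` and leaves `result` at 0, so nothing is ignored. A comment like `/* signature did not verify: flag the certificate, result stays 0 */` would describe it. In the `result < 0` branch, `result = 0;` comes before `gnutls_assert ();`, the opposite order from the two branches above; matching them keeps the error paths uniform. `ret` has no remaining use in the visible hunks but is still declared in `int ret, issuer_version, result = 0;`, so drop it if nothing outside the hunks uses it.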
@@ -364,12 +368,10 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
 	{
 	  if (output)
 	    *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
-	  ret = 0;
+	  result = 0;
 	}
     }
 
-  result = ret;
-
 cleanup:
   _gnutls_free_datum (&cert_signed_data);
   _gnutls_free_datum (&cert_signature);
-- 
1.8.5.3