From 0f6a823b25eb9829fb784adbef850a36594fb731 Mon Sep 17 00:00:00 2001 From: markeryang Date: Tue, 30 Aug 2022 15:11:01 +0800 Subject: [PATCH] fix CVE-2021-4029 --- backport-CVE-2021-4209.patch | 32 ++++++++++++++++++++++++++++++++ gnutls.spec | 6 +++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2021-4209.patch diff --git a/backport-CVE-2021-4209.patch b/backport-CVE-2021-4209.patch new file mode 100644 index 0000000..9be5136 --- /dev/null +++ b/backport-CVE-2021-4209.patch @@ -0,0 +1,32 @@ +From 3db352734472d851318944db13be73da61300568 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Wed, 22 Dec 2021 09:12:25 +0100 +Subject: [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length + input + +As Nettle's hash update functions internally call memcpy, providing +zero-length input may cause undefined behavior. + +Signed-off-by: Daiki Ueno +--- + lib/nettle/mac.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c +index f9d4d7a8df..35e070fab0 100644 +--- a/lib/nettle/mac.c ++++ b/lib/nettle/mac.c +@@ -788,7 +788,9 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo, + if (ret < 0) + return gnutls_assert_val(ret); + +- ctx.update(&ctx, text_size, text); ++ if (text_size > 0) { ++ ctx.update(&ctx, text_size, text); ++ } + ctx.digest(&ctx, ctx.length, digest); + + return 0; +-- +GitLab + diff --git a/gnutls.spec b/gnutls.spec index b96a39c..4c7a5cc 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,6 +1,6 @@ Name: gnutls Version: 3.7.2 -Release: 3 +Release: 4 Summary: The GNU Secure Communication Protocol Library License: LGPLv2.1+ and GPLv3+ @@ -10,6 +10,7 @@ Source1: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz Patch1: fix-ipv6-handshake-failed.patch Patch2: backport-CVE-2022-2509.patch +Patch3: backport-CVE-2021-4209.patch %bcond_without dane %bcond_with guile @@ -216,6 +217,9 @@ make check %{?_smp_mflags} %endif %changelog +* Tue Aug 30 2022 yanglongkang - 3.7.2-4 +- fix CVE-2021-4209 + * Mon Aug 29 2022 dongyuzhen - 3.7.2-3 - fix CVE-2022-2509 -- Gitee