gnutls/backport-x509-drop-endless-loop-in-print_extensions.patch

From e04f45d0283a80c990a9e1d7537ab871b769fdaf Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Tue, 10 Mar 2020 12:12:36 +0300
Subject: [PATCH] x509: drop endless loop in print_extensions

If crq is malformed in extensions part, print_extensions() might loop
endlessly because gnutls_x509_crq_get_extension_info would return
unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather
than bailing out. Fix this by handling this error code properly. Found
thanks to oss-fuzz.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 lib/x509/output.c                                 |   6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/x509/output.c b/lib/x509/output.c
index 2aa78b478..6f829b06a 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1281,12 +1281,12 @@ print_extensions(gnutls_buffer_st * str, const char *prefix, int type,
 			return;
 		}
 
+		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+			break;
 		if (err < 0) {
-			if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
-				break;
 			addf(str, "error: get_extension_info: %s\n",
 			     gnutls_strerror(err));
-			continue;
+			break;
 		}
 
 		if (i == 0)
-- 
2.26.2
fix x509 endless drop and pkcs12 iterations 2020-06-08 10:59:16 +08:00			`From e04f45d0283a80c990a9e1d7537ab871b769fdaf Mon Sep 17 00:00:00 2001`
			`From: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`Date: Tue, 10 Mar 2020 12:12:36 +0300`
			`Subject: [PATCH] x509: drop endless loop in print_extensions`

			`If crq is malformed in extensions part, print_extensions() might loop`
			`endlessly because gnutls_x509_crq_get_extension_info would return`
			`unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather`
			`than bailing out. Fix this by handling this error code properly. Found`
			`thanks to oss-fuzz.`

			`Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`---`
			`lib/x509/output.c \| 6 +++---`
			`1 files changed, 3 insertions(+), 3 deletions(-)`

			`diff --git a/lib/x509/output.c b/lib/x509/output.c`
			`index 2aa78b478..6f829b06a 100644`
			`--- a/lib/x509/output.c`
			`+++ b/lib/x509/output.c`
			`@@ -1281,12 +1281,12 @@ print_extensions(gnutls_buffer_st * str, const char *prefix, int type,`
			`return;`
			`}`

			`+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)`
			`+ break;`
			`if (err < 0) {`
			`- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)`
			`- break;`
			`addf(str, "error: get_extension_info: %s\n",`
			`gnutls_strerror(err));`
			`- continue;`
			`+ break;`
			`}`

			`if (i == 0)`
			`--`
			`2.26.2`