From 60d130a5c5607c600e80684d4407bc2d8eed3c56 Mon Sep 17 00:00:00 2001 From: markeryang Date: Mon, 29 Aug 2022 10:38:52 +0800 Subject: [PATCH] fix CVE-2021-4209 (cherry picked from commit 02f7b858a7a4e1cd0fc4ba55abdb2c995080b543) --- backport-CVE-2021-4209.patch | 32 ++++++++++++++++++++++++++++++++ gnutls.spec | 7 ++++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2021-4209.patch diff --git a/backport-CVE-2021-4209.patch b/backport-CVE-2021-4209.patch new file mode 100644 index 0000000..9be5136 --- /dev/null +++ b/backport-CVE-2021-4209.patch @@ -0,0 +1,32 @@ +From 3db352734472d851318944db13be73da61300568 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Wed, 22 Dec 2021 09:12:25 +0100 +Subject: [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length + input + +As Nettle's hash update functions internally call memcpy, providing +zero-length input may cause undefined behavior. + +Signed-off-by: Daiki Ueno +--- + lib/nettle/mac.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c +index f9d4d7a8df..35e070fab0 100644 +--- a/lib/nettle/mac.c ++++ b/lib/nettle/mac.c +@@ -788,7 +788,9 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo, + if (ret < 0) + return gnutls_assert_val(ret); + +- ctx.update(&ctx, text_size, text); ++ if (text_size > 0) { ++ ctx.update(&ctx, text_size, text); ++ } + ctx.digest(&ctx, ctx.length, digest); + + return 0; +-- +GitLab + diff --git a/gnutls.spec b/gnutls.spec index b7765a4..9c07f71 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,6 +1,6 @@ Name: gnutls Version: 3.7.2 -Release: 3 +Release: 4 Summary: The GNU Secure Communication Protocol Library License: LGPLv2.1+ and GPLv3+ @@ -9,6 +9,8 @@ Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig Patch1: fix-ipv6-handshake-failed.patch +Patch2: backport-CVE-2021-4209.patch + %bcond_without dane %bcond_with guile @@ -199,6 +201,9 @@ make check %{?_smp_mflags} %endif %changelog +* Mon Aug 29 2022 yanglongkang - 3.7.2-4 +- fix CVE-2021-4209 + * Tue Jun 14 2022 shangyibin - 3.7.2-3 - fix changelog