CVE: CVE-2016-7444
Upstream-Status: Backport
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>

Upstream commit follows:


From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 27 Aug 2016 17:00:22 +0200
Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response

Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.

Reported by Stefan Buehler.
---
 lib/x509/ocsp.c | 1 +
 1 file changed, 1 insertion(+), 0 deletions(-)

diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 92db9b6..8181f2e 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
| @@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, |
| gnutls_assert(); |
| goto cleanup; |
| } |
| + cserial.size = t; |
| |
| if (rserial.size != cserial.size |
| || memcmp(cserial.data, rserial.data, rserial.size) != 0) { |
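Review bot: the added `cserial.size = t;` is the whole fix, but its correctness depends on `t` holding the actual serial length produced by the call that filled `cserial.data` (outside this hunk), and nothing in the hunk says so; moving the assignment directly after that call, or adding a one-line comment, would make the intent explicit. The comparison `rserial.size != cserial.size || memcmp(cserial.data, rserial.data, rserial.size) != 0` is only safe because the size check comes first and short-circuits the memcmp; a comment there would stop a future reordering from turning it into an over-read. A regression test with an OCSP response whose CertID serial matches the certificate serial except in length would confirm that the case described in the commit message ("could succeed in cases it shouldn't") is now rejected.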
--
libgit2 0.24.0