rpms/gnutls
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c10
gnutls/gnutls-3.8.10-1817-security-parameters.patch
AlmaLinux RelEng Bot 8606fa3760 import UBI gnutls-3.8.10-4.el10_2
2026-05-26 02:41:06 -04:00

36 lines
1.2 KiB
Diff
Raw Permalink Blame History

From 3d45a63b16f64ac53abe9f1a02135e8daf1020f8 Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue, 7 Apr 2026 10:16:03 +0200
Subject: [PATCH] session_pack: validate session_id_size on unpacking
A check for session_id_size not exceeding GNUTLS_MAX_SESSION_ID_SIZE
on loading persisted TLS session data was overlooked,
leading to a heap overflow
were the data corrupted in a malicious manner.
Reported-by: Haruto Kimura (Stella)
Fixes: #1817
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
---
lib/session_pack.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/session_pack.c b/lib/session_pack.c
index bd1ce3361..6c1d98270 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -973,6 +973,10 @@ static int unpack_security_parameters(gnutls_session_t session,
&session->internals.resumed_security_parameters.session_id_size,
1);
+ if (session->internals.resumed_security_parameters.session_id_size >
+ GNUTLS_MAX_SESSION_ID_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
BUFFER_POP(
ps, session->internals.resumed_security_parameters.session_id,
session->internals.resumed_security_parameters.session_id_size);
--
2.53.0
Reference in New Issue View Git Blame Copy Permalink