Verified Commit 0001e553 authored by Jan Pavlinec

gnutls: patch CVE-2020-24659 (security fix)

Backported from https://gitlab.com/gnutls/gnutls/-/issues/1071
parent f76b33c1
......@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=gnutls
PKG_VERSION:=3.6.7
PKG_RELEASE:=3
PKG_RELEASE:=4
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
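Review bot: bumping PKG_RELEASE from 3 to 4 while PKG_VERSION stays at 3.6.7 is the right action for a backported patch, and the hunk touches no PKG_HASH line, consistent with the upstream tarball being unchanged. Since the commit message names CVE-2020-24659 and the upstream issue, consider carrying the CVE id in the added patch's filename or header comment so the fix stays discoverable from the package tree.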
From bb9f61d3d2a6866973e7cdb6a9be9125656a55ee Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Sat, 22 Aug 2020 17:19:39 +0200
Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
incomplete
If the initial handshake is incomplete and the server sends a
no_renegotiation alert, the client should treat it as a fatal error
even if its level is warning. Otherwise the same handshake
state (e.g., DHE parameters) is reused in the next gnutls_handshake
call, if it is called in the loop idiom:
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/handshake.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/handshake.c b/lib/handshake.c
index b40f84b3d..084f05b43 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2589,7 +2589,8 @@ inline static int
_gnutls_abort_handshake(gnutls_session_t session, int ret)
{
if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+ (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) &&
+ session->internals.initial_negotiation_completed)
|| ret == GNUTLS_E_GOT_APPLICATION_DATA)
return 0;
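Review bot: the added `session->internals.initial_negotiation_completed` condition carries no comment, so the reason a warning-level no_renegotiation alert must not be swallowed during the initial handshake (the commit message's point about handshake state such as DHE parameters being reused by the retry loop) lives only in the commit message; suggest a short comment above the `if`, e.g. `/* a no_renegotiation warning is only benign once the initial handshake has completed */`. The parenthesization keeps the new check inside the warning-alert branch and leaves the `GNUTLS_E_GOT_APPLICATION_DATA` case unchanged, which matches the 2-insertion, 1-deletion stat.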
--
2.26.2
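The loop idiom quoted in the commit message, as an added stand-alone model that is neither gnutls code nor part of this commit: a scripted server sends a warning-level no_renegotiation alert during the incomplete initial handshake, the naive loop keeps re-entering the handshake, and a caller-side guard mirroring the patched predicate stops it. All constants, the session struct and fake_handshake() are assumptions; the actual fix lives in the library, and the guard only models its condition.

```c
#include <stdbool.h>
/* Constructed stand-ins for gnutls codes and alert ids, plus a demo cap. */
enum { E_AGAIN = -28, E_WARNING_ALERT_RECEIVED = -16, E_FATAL_ALERT = -12,
       A_NONE = -1, A_NO_RENEGOTIATION = 100, MAX_CALLS = 8 };

struct session {
    bool initial_negotiation_completed;
    int alert, calls;  /* gnutls_alert_get() value; handshake re-entries */
};

/* Scripted peer standing in for gnutls_handshake(): the server answers the
 * incomplete initial handshake with a warning-level no_renegotiation alert. */
static int fake_handshake(struct session *s)
{
    s->calls++;
    if (s->calls == 1) { s->alert = A_NONE; return E_AGAIN; }
    s->alert = A_NO_RENEGOTIATION;
    return E_WARNING_ALERT_RECEIVED;
}

/* The idiom from the commit message: the warning is non-fatal, so an unpatched
 * library is re-entered with stale handshake state (MAX_CALLS keeps it finite). */
static int handshake_naive(struct session *s)
{
    int ret;
    do ret = fake_handshake(s);
    while (ret < 0 && ret != E_FATAL_ALERT && s->calls < MAX_CALLS);
    return ret;
}

/* Same loop with the patched predicate applied by the caller: a no_renegotiation
 * warning before the initial negotiation completed ends the handshake instead. */
static int handshake_guarded(struct session *s)
{
    int ret;
    do {
        ret = fake_handshake(s);
        if (ret == E_WARNING_ALERT_RECEIVED && s->alert == A_NO_RENEGOTIATION
            && !s->initial_negotiation_completed)
            return E_FATAL_ALERT;
    } while (ret < 0 && ret != E_FATAL_ALERT);
    return ret;
}

/* Runs one variant; returns the call count and stores the final return code. */
static int calls_made(bool guarded, int *ret_out)
{
    struct session s = { false, A_NONE, 0 };
    *ret_out = guarded ? handshake_guarded(&s) : handshake_naive(&s);
    return s.calls;
}
```

Against the same scripted server the naive loop only stops at the demo cap, still holding the warning code, while the guarded loop ends after the second call with a fatal result.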