[Cryptography] GnuTLS -- time to look at the diff.
andrew cooke
andrew at acooke.org
Tue Mar 4 17:38:04 EST 2014
On Tue, Mar 04, 2014 at 02:04:40PM -0800, Tom Mitchell wrote:
> GNUTLS-SA-2014-2 CVE-2014-0092 Certificate verification issue
[...]
> http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
Not sure why this wasn't included in the above (so perhaps I have it wrong),
but the diff is
https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
(linked from http://www.gnutls.org/security.html#GNUTLS-SA-2014-2 after "apply
the patch for").
It's a combination of (multiple times)
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
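Review bot: the `fail` label that this `result < 0` branch now jumps to is not visible in the excerpt, so these lines alone do not show what value `result` holds when the function returns on this path. It is worth confirming that `fail:` overwrites the negative code with the function's explicit failure value before it reaches the shared cleanup, and adding a comment at the label that states the return convention, because a caller that tests the return value as a boolean would read a negative error code as true.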
and
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
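Review bot: this branch clears the error with `result = 0;` and keeps `goto cleanup;`, while the other branches in the same change use `goto fail;`, so the same failure handling ends up written two ways. Prefer one idiom throughout (route every `result < 0` branch through `fail`), so that an error branch added later cannot reach `cleanup` with a negative `result` still set; if this site has to differ, a one-line comment saying why would help.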
mainly.
Andrew