Bug#933538: Proposed fix for stable

Hanno Stock opensource at hanno-stock.de
Thu Nov 28 17:30:59 GMT 2019


Patch applies to version in stable.

See attached debdiff.

I have built the package in a buster chroot and installed on a buster
system where I previously encountered the bug.

This patch fixes the bug and otherwise SSL connections still seem to
work fine.

-------------- next part --------------
diff -Nru gnutls28-3.6.7/debian/changelog gnutls28-3.6.7/debian/changelog
--- gnutls28-3.6.7/debian/changelog	2019-06-12 19:21:23.000000000 +0200
+++ gnutls28-3.6.7/debian/changelog	2019-11-28 17:03:35.000000000 +0100
@@ -1,3 +1,13 @@
+gnutls28 (3.6.7-4+deb10u1~1.gbp7c6fcb) UNRELEASED; urgency=medium
+
+  ** SNAPSHOT build @7c6fcba7e7c4e5cfe6f7aa145ec8598876b7db97 **
+
+  * UNRELEASED
+  * 40_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch
+    from upstream GIT master: Fix interop problems with gnutls 2.x. Closes: #933538
+
+ -- Hanno Stock <opensource at hanno-stock.de>  Thu, 28 Nov 2019 17:03:35 +0100
+
 gnutls28 (3.6.7-4) unstable; urgency=medium
 
   * Cherry-pick important bug-fixes from 3.6.8:
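Review bot: The new changelog stanza is still a snapshot entry and is not uploadable as written: the version is "3.6.7-4+deb10u1~1.gbp7c6fcb", the distribution is "UNRELEASED", and the body carries the "** SNAPSHOT build @7c6fcba7..." and "* UNRELEASED" lines. For the stable upload this mail proposes, drop those two lines, set the version to the final +deb10u1 form and set the target distribution. The description also says "gnutls 2.x" where the upstream commit message names gnutls 2.12.x; using the same wording keeps the changelog precise.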
diff -Nru gnutls28-3.6.7/debian/patches/40_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch gnutls28-3.6.7/debian/patches/40_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch
--- gnutls28-3.6.7/debian/patches/40_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/40_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch	2019-11-28 16:54:28.000000000 +0100
@@ -0,0 +1,63 @@
+From daa49b9e455d262a1a2bc1b641e72dc004e2cb3e Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Sat, 3 Aug 2019 21:51:58 +0200
+Subject: [PATCH] _gnutls_epoch_set_keys: do not forbid random padding in
+ TLS1.x CBC ciphersuites
+
+Since some point in 3.6.x we updated the calculation of maximum record size,
+however that did not include the possibility of random record padding available
+for CBC ciphersuites which exceeds the maximum. This commit allows for larger
+sizes for these ciphersuites to account for random padding as applied by
+gnutls 2.12.x.
+
+Resolves: #811
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+---
+ NEWS           |  4 ++++
+ lib/constate.c | 11 +++++++++--
+ lib/record.c   |  4 ++--
+ 3 files changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/lib/constate.c b/lib/constate.c
+index 51a4eca30..4c6ca0fd0 100644
+--- a/lib/constate.c
++++ b/lib/constate.c
+@@ -707,10 +707,17 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch, hs_stage_t
+ 			return gnutls_assert_val(ret);
+ 	}
+ 
+-	if (ver->tls13_sem) {
++	/* The TLS1.3 limit of 256 additional bytes is also enforced under CBC
++	 * ciphers to ensure we interoperate with gnutls 2.12.x which could add padding
++	 * data exceeding the maximum. */
++	if (ver->tls13_sem || _gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) {
+ 		session->internals.max_recv_size = 256;
+ 	} else {
+-		session->internals.max_recv_size = _gnutls_record_overhead(ver, params->cipher, params->mac, 1);
++		session->internals.max_recv_size = 0;
++	}
++
++	if (!ver->tls13_sem) {
++		session->internals.max_recv_size += _gnutls_record_overhead(ver, params->cipher, params->mac, 1);
+ 		if (session->internals.allow_large_records != 0)
+ 			session->internals.max_recv_size += EXTRA_COMP_SIZE;
+ 	}
+diff --git a/lib/record.c b/lib/record.c
+index 39d2a16be..7c7e36561 100644
+--- a/lib/record.c
++++ b/lib/record.c
+@@ -1219,8 +1219,8 @@ static int recv_headers(gnutls_session_t session,
+ 
+ 	if (record->length == 0 || record->length > max_record_recv_size(session)) {
+ 		_gnutls_audit_log
+-		    (session, "Received packet with illegal length: %u\n",
+-		     (unsigned int) record->length);
++		    (session, "Received packet with illegal length: %u (max: %u)\n",
++		     (unsigned int) record->length, (unsigned)max_record_recv_size(session));
+ 
+ 		if (record->length == 0) {
+ 			/* Empty, unencrypted records are always unexpected. */
+-- 
+2.23.0
+
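Review bot: The diffstat in the embedded patch header does not match its contents: it lists "NEWS | 4 ++++" and "3 files changed, 15 insertions(+), 4 deletions(-)", but only the lib/constate.c and lib/record.c hunks are present. Say in the patch header that the NEWS hunk was dropped for the backport, so the header is not read as a complete copy of upstream commit daa49b9e. Separately, the lib/constate.c hunk grants the extra 256 bytes to every TLS1.x session with a CIPHER_BLOCK cipher, not only to sessions with a gnutls 2.12.x peer. The changelog entry should state that the receive-size limit is relaxed for all CBC ciphersuites, since that is the behaviour change a stable reviewer will want to see.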
diff -Nru gnutls28-3.6.7/debian/patches/series gnutls28-3.6.7/debian/patches/series
--- gnutls28-3.6.7/debian/patches/series	2019-06-12 19:21:15.000000000 +0200
+++ gnutls28-3.6.7/debian/patches/series	2019-11-28 16:56:31.000000000 +0100
@@ -5,3 +5,4 @@
 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
+40_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch