From: Antonio Radici <antonio@dyne.org>
Date: Thu, 5 May 2011 10:54:10 +0000 (+0000)
Subject: 619216-gnutls-CN-validation.patch: fix the validation of the commonname in the gnutls... 
X-Git-Tag: nntp/1.5.21-5nntp1~11
X-Git-Url: https://git.llucax.com/software/mutt-debian.git/commitdiff_plain/fc8719a8feeb301555937b80f1facf62a91568e1

619216-gnutls-CN-validation.patch: fix the validation of the commonname in the gnutls code (Closes: 619216)
---

diff --git a/debian/changelog b/debian/changelog
index 5101385..8642a54 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,8 @@ mutt (1.5.21-5) unstable; urgency=low
     + 584138-mx_update_context-segfault.patch: fix a segfault due to holes in
       IMAP headers, 537694-segv-imap-headers.patch is removed as part of this fix
       (Closes: 584138)
+    + 619216-gnutls-CN-validation.patch: fix the validation of the
+      commonname in the gnutls code (Closes: 619216)
   * debian/patches/compressed-folders: remove partially uncompressed folder if
       the open fails (Closes: 578098)
   * debian/extra/samples/sidebar.muttrc: documented the options that
diff --git a/debian/patches/series b/debian/patches/series
index 2e55043..08a2104 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -50,6 +50,7 @@ upstream/611412-bts-regexp.patch
 upstream/624058-gnutls-deprecated-set-priority.patch
 upstream/624085-gnutls-deprecated-verify-peers.patch
 upstream/584138-mx_update_context-segfault.patch
+upstream/619216-gnutls-CN-validation.patch
 upstream/path_max
 
 mutt.org
diff --git a/debian/patches/upstream/619216-gnutls-CN-validation.patch b/debian/patches/upstream/619216-gnutls-CN-validation.patch
new file mode 100644
index 0000000..517e543
--- /dev/null
+++ b/debian/patches/upstream/619216-gnutls-CN-validation.patch
@@ -0,0 +1,36 @@
+This patch addresses a security problem due to the fact that the validation of
+the SSL CN is not correctly done in the gnutls-related code of mutt.
+
+The patch has been provided by hhorak on http://bugs.mutt.org/3506, the original
+bug where the security problem was reported for Debian is
+http://bugs.debian.org/619216
+
+--- a/mutt_ssl_gnutls.c
++++ b/mutt_ssl_gnutls.c
+@@ -999,6 +999,7 @@
+   unsigned int cert_list_size = 0;
+   gnutls_certificate_status certstat;
+   int certerr, i, preauthrc, savedcert, rc = 0;
++  int rcpeer;
+ 
+   if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE)
+   {
+@@ -1024,6 +1025,9 @@
+   for (i = 0; i < cert_list_size; i++) {
+     rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i,
+                            &certerr, &savedcert);
++    if (i ==0)
++      rcpeeer = rc;
++
+     preauthrc += rc;
+ 
+     if (savedcert)
+@@ -1049,7 +1053,7 @@
+         dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc));
+ 
+       certstat = tls_verify_peers (state);
+-      if (!certstat)
++      if (!certstat && !rcpeer)
+         return 1;
+     }
+   }