Skip to content
Snippets Groups Projects
Commit 3a9d6371 authored by Laurent Carlier's avatar Laurent Carlier
Browse files

Add tls fix

parent 693a4713
No related branches found
No related tags found
No related merge requests found
......@@ -7,7 +7,7 @@
_pkgbasename=gnutls
pkgname=lib32-$_pkgbasename
pkgver=3.2.2
pkgrel=1
pkgrel=2
pkgdesc="A library which provides a secure layer over a reliable transport layer (32-bit)"
arch=('x86_64')
license=('GPL3' 'LGPL2.1')
......@@ -15,9 +15,11 @@ url="http://gnutls.org/"
options=('!libtool')
depends=('lib32-zlib' 'lib32-nettle' 'lib32-p11-kit' 'lib32-libtasn1' $_pkgbasename)
makedepends=('gcc-multilib' 'lib32-libidn')
source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${_pkgbasename}-${pkgver}.tar.xz{,.sig})
source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${_pkgbasename}-${pkgver}.tar.xz{,.sig}
tls_fix.diff)
md5sums=('9dd691ad1ccdb7386029809afef6b5ea'
'SKIP')
'SKIP'
'1bbf5bfb4e1420fd61c75e14347340fc')
build() {
export CC="gcc -m32"
......@@ -26,6 +28,9 @@ build() {
cd ${srcdir}/${_pkgbasename}-${pkgver}
# fix broken TLS connections
patch -Np1 -i ../tls_fix.diff
# build fails without --disable-hardware-acceleration because of assembler errors
./configure --prefix=/usr --libdir=/usr/lib32 \
--with-zlib \
......
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 198cb34..3caa5ac 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
return gnutls_assert_val(ret);
if (unlikely((unsigned)length_to_decrypt > compressed->size))
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ {
+ _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
+ (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ }
ret =
_gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 993ddb9..4795711 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1193,8 +1193,8 @@ begin:
/* We allocate the maximum possible to allow few compressed bytes to expand to a
* full record.
*/
- decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session),
- MAX_RECORD_RECV_SIZE(session));
+ t.size = _gnutls_get_max_decrypted_data(session);
+ decrypted = _mbuffer_alloc(t.size, t.size);
if (decrypted == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment