aports/community/csync2/CVE-2019-15523.patch


From 92742544a56bcbcd9ec99ca15f898b31797e39e2 Mon Sep 17 00:00:00 2001
From: Malte Kraus <malte.kraus@suse.com>
Date: Tue, 13 Aug 2019 13:36:26 +0200
Subject: [PATCH] repeat gnutls_handshake() call in case of warnings
that's what the semantics of this call require
---
conn.c | 71 ++++++++++++++++++++++++++++++++--------------------------
1 file changed, 39 insertions(+), 32 deletions(-)
diff --git a/conn.c b/conn.c
index be26f72..c013860 100644
--- a/conn.c
+++ b/conn.c
@@ -276,6 +276,7 @@ int conn_activate_ssl(int server_role)
char *ssl_keyfile;
char *ssl_certfile;
int err;
+ int handshake_repeat = 0;
if (csync_conn_usessl)
return 0;
@@ -333,40 +334,46 @@ int conn_activate_ssl(int server_role)
(gnutls_transport_ptr_t)(long)conn_fd_out
);
- err = gnutls_handshake(conn_tls_session);
- switch(err) {
- case GNUTLS_E_SUCCESS:
- break;
-
- case GNUTLS_E_WARNING_ALERT_RECEIVED:
- alrt = gnutls_alert_get(conn_tls_session);
- fprintf(
- csync_debug_out,
- "SSL: warning alert received from peer: %d (%s).\n",
- alrt, gnutls_alert_get_name(alrt)
- );
- break;
-
- case GNUTLS_E_FATAL_ALERT_RECEIVED:
- alrt = gnutls_alert_get(conn_tls_session);
- fprintf(
- csync_debug_out,
- "SSL: fatal alert received from peer: %d (%s).\n",
- alrt, gnutls_alert_get_name(alrt)
- );
- default:
- gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
- gnutls_deinit(conn_tls_session);
- gnutls_certificate_free_credentials(conn_x509_cred);
- gnutls_global_deinit();
+ do {
+ handshake_repeat = 0;
+ err = gnutls_handshake(conn_tls_session);
+ switch(err) {
+ case GNUTLS_E_SUCCESS:
+ break;
- csync_fatal(
- "SSL: handshake failed: %s (%s)\n",
- gnutls_strerror(err),
- gnutls_strerror_name(err)
- );
- }
+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
+ alrt = gnutls_alert_get(conn_tls_session);
+ fprintf(
+ csync_debug_out,
+ "SSL: warning alert received from peer: %d (%s).\n",
+ alrt, gnutls_alert_get_name(alrt)
+ );
+ handshake_repeat = 1;
+ break;
+
+ case GNUTLS_E_FATAL_ALERT_RECEIVED:
+ alrt = gnutls_alert_get(conn_tls_session);
+ fprintf(
+ csync_debug_out,
+ "SSL: fatal alert received from peer: %d (%s).\n",
+ alrt, gnutls_alert_get_name(alrt)
+ );
+ // fall-through!
+
+ default:
+ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
+ gnutls_deinit(conn_tls_session);
+ gnutls_certificate_free_credentials(conn_x509_cred);
+ gnutls_global_deinit();
+
+ csync_fatal(
+ "SSL: handshake failed: %s (%s)\n",
+ gnutls_strerror(err),
+ gnutls_strerror_name(err)
+ );
+ }
+ } while (handshake_repeat);
csync_conn_usessl = 1;
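Review bot: The do/while added in this hunk has no upper bound: every `GNUTLS_E_WARNING_ALERT_RECEIVED` sets `handshake_repeat = 1` and re-enters `gnutls_handshake()`, so a peer that keeps emitting warning-level alerts can pin `conn_activate_ssl()` in the handshake indefinitely while filling `csync_debug_out`. The loop also retries only on that one code; the other non-fatal returns GnuTLS documents for this call (`GNUTLS_E_AGAIN`, `GNUTLS_E_INTERRUPTED`, which a signal during the blocking read can presumably produce) land in `default:` and abort the whole process through `csync_fatal`. I would use the GnuTLS-recommended shape — retry while `err < 0 && !gnutls_error_is_fatal(err)` — and reuse `handshake_repeat` as a counter capped by a named constant (e.g. `enum { TLS_HANDSHAKE_MAX_RETRIES = 8 };` next to the declarations) so that exceeding the cap falls into the existing teardown-and-fatal path instead of reaching `csync_conn_usessl = 1`. `conn_activate_ssl()` begins before this hunk and continues after it.
```c
	do {
		err = gnutls_handshake(conn_tls_session);
		if (err == GNUTLS_E_WARNING_ALERT_RECEIVED) {
			alrt = gnutls_alert_get(conn_tls_session);
			fprintf(
				csync_debug_out,
				"SSL: warning alert received from peer: %d (%s).\n",
				alrt, gnutls_alert_get_name(alrt)
			);
		}
		/* retry only on non-fatal results, and never without limit */
	} while (err < 0 && !gnutls_error_is_fatal(err)
	         && ++handshake_repeat < TLS_HANDSHAKE_MAX_RETRIES);

	if (err != GNUTLS_E_SUCCESS) {
		if (err == GNUTLS_E_FATAL_ALERT_RECEIVED) {
			alrt = gnutls_alert_get(conn_tls_session);
			fprintf(
				csync_debug_out,
				"SSL: fatal alert received from peer: %d (%s).\n",
				alrt, gnutls_alert_get_name(alrt)
			);
		}
		/* … unchanged: gnutls_bye/gnutls_deinit/credential free/global_deinit, then csync_fatal("SSL: handshake failed …") … */
	}
	csync_conn_usessl = 1;
```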