$OpenBSD: patch-lib_gnutls_cipher_c,v 1.2 2013/06/18 13:22:39 ajacoutot Exp $

Security fix for CVE-2013-2116,
GnuTLS TLS Record Decoding Denial of Service Vulnerability

Patch from upstream:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754

--- lib/gnutls_cipher.c.orig	Sat May 25 13:06:37 2013
+++ lib/gnutls_cipher.c	Tue Jun 18 14:50:50 2013
@@ -762,6 +762,8 @@ ciphertext_to_compressed (gnutls_session_t session,
         return gnutls_assert_val(ret);
 
       pad = ciphertext->data[ciphertext->size - 1];   /* pad */
+      if (pad+1 > ciphertext->size-tag_size)
+	pad_failed = GNUTLS_E_DECRYPTION_FAILED;
 
       /* Check the pading bytes (TLS 1.x). 
        * Note that we access all 256 bytes of ciphertext for padding check
