From e8f993815a1612c1b3c62fb28f74e614c840935f Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hugo.lefeuvre@savoirfairelinux.com>
Date: Thu, 19 Apr 2018 15:35:54 -0400
Subject: [PATCH] fix: global buffer overflow in pjlib

Change-Id: I57b749e9f7819710a691eaa2839092e04dc86fcc
---
 contrib/src/pjproject/gnutls.patch | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/contrib/src/pjproject/gnutls.patch b/contrib/src/pjproject/gnutls.patch
index df9de5529a..feebd08177 100644
--- a/contrib/src/pjproject/gnutls.patch
+++ b/contrib/src/pjproject/gnutls.patch
@@ -375,7 +375,7 @@ new file mode 100644
 index 0000000..37bcaba
 --- /dev/null
 +++ b/pjlib/src/pj/ssl_sock_gtls.c
-@@ -0,0 +1,2877 @@
+@@ -0,0 +1,2882 @@
 +/* $Id$ */
 +/*
 + * Copyright (C) 2014-2018 Savoir-faire Linux. (https://www.savoirfairelinux.com)
@@ -855,11 +855,16 @@ index 0000000..37bcaba
 + unsigned char id[2];
 + const char *suite = gnutls_cipher_suite_info(i, (unsigned char *)id,
 + NULL, NULL, NULL, NULL);
-+ tls_ciphers[i].id = 0;
++
++ if (i < PJ_ARRAY_SIZE(tls_ciphers))
++ tls_ciphers[i].id = 0;
++ else
++ break;
++
 + /* usually the array size is bigger than the number of available
 + * ciphers anyway, so by checking here we can exit the loop as soon
 + * as either all ciphers have been added or the array is full */
-+ if (suite && i < PJ_ARRAY_SIZE(tls_ciphers)) {
++ if (suite) {
 + tls_ciphers[i].id = (pj_ssl_cipher)
 + (pj_uint32_t) ((id[0] << 8) | id[1]);
 + tls_ciphers[i].name = suite;
-- 
GitLab
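Review bot: The comment kept above `if (suite)` in the second hunk still says that "by checking here" the loop exits once the array is full, but that test now lives in the new `if (i < PJ_ARRAY_SIZE(tls_ciphers)) ... else break;` a few lines up, so the comment describes the wrong statement. I would move it onto the new guard and state what the guard protects, e.g. `/* stop before touching tls_ciphers[i] once the array is full; the store of .id = 0 must never run with i == PJ_ARRAY_SIZE(tls_ciphers) */`. The guard could also sit ahead of the `gnutls_cipher_suite_info()` call, so the library is not queried for an index whose result is then discarded. When the `break` is taken because the array is full, any remaining suites appear to be dropped silently, so a log line at that point would make a truncated cipher list visible. The enclosing loop starts and ends outside the hunk, so whether the bound belongs in the loop condition instead cannot be judged from here.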