# --- T2-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
# 
# T2 SDE: package/.../gnutls/CVE-2006-4790.patch
# Copyright (C) 2006 The T2 SDE Project
# 
# More information can be found in the files COPYING and README.
# 
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- T2-COPYRIGHT-NOTE-END ---

diff -Nur gnutls-1.2.11-orig/lib/x509/verify.c gnutls-1.2.11/lib/x509/verify.c
--- gnutls-1.2.11-orig/lib/x509/verify.c	2005-10-28 10:38:47.000000000 +0300
+++ gnutls-1.2.11/lib/x509/verify.c	2006-09-14 23:48:31.000000000 +0300
@@ -466,6 +466,19 @@
 	asn1_delete_structure(&dinfo);
 	return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
     }
+ 
+  len = sizeof (str) - 1;
+  result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
+  /* To avoid permitting garbage in the parameters field, either the
+     parameters field is not present, or it contains 0x05 0x00. */
+  if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+	(result == ASN1_SUCCESS && len == 2 &&
+	 str[0] == 0x05 && str[1] == 0x00)))
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return GNUTLS_E_ASN1_GENERIC_ERROR;
+    }
 
     result = asn1_read_value(dinfo, "digest", digest, digest_size);
     if (result != ASN1_SUCCESS) {