From 159c524df847edc5737f7740ed8c864d0f3ba9d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Thu, 30 Apr 2015 11:15:22 +0200
Subject: [PATCH 1/3] Fix undefined behaviour in x509

---
 ChangeLog          | 2 ++
 library/x509_crl.c | 3 ++-
 library/x509_crt.c | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c4203930d..7e7374bd5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@ Features
      errors on use of deprecated functions.
 
 Bugfix
+   * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
+     (detected by Clang's 3.6 UBSan).
    * mpi_size() and mpi_msb() would segfault when called on an mpi that is
      initialized but not set (found by pravic).
    * Fix detection of support for getrandom() on Linux (reported by syzzer) by
diff --git a/library/x509_crl.c b/library/x509_crl.c
index e2076a661..de2079fc7 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -462,7 +462,8 @@ int x509_crl_parse_der( x509_crl *chain,
     if( crl->sig_oid1.len != crl->sig_oid2.len ||
         memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
         sig_params1.len != sig_params2.len ||
-        memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+        ( sig_params1.len != 0 &&
+          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
     {
         x509_crl_free( crl );
         return( POLARSSL_ERR_X509_SIG_MISMATCH );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 4e4d806a9..fe9e552d2 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -760,7 +760,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
     if( crt->sig_oid1.len != crt->sig_oid2.len ||
         memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
         sig_params1.len != sig_params2.len ||
-        memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+        ( sig_params1.len != 0 &&
+          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
     {
         x509_crt_free( crt );
         return( POLARSSL_ERR_X509_SIG_MISMATCH );

From f52248a959ca26c7e894012f420af3a2856cf205 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Thu, 30 Apr 2015 12:15:16 +0200
Subject: [PATCH 2/3] Adapt compat.sh to GnuTLS 3.4

---
 tests/compat.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/compat.sh b/tests/compat.sh
index 554adeffb..5a3c222c0 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -679,7 +679,7 @@ setup_arguments()
     P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
     O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE"
     G_SERVER_ARGS="-p $PORT --http"
-    G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+    G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
 
     P_CLIENT_ARGS="server_port=$PORT force_version=$MODE"
     O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"

From fa950c94804fb5c93989b5ca62a60b3b6eb6e414 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Thu, 30 Apr 2015 12:50:22 +0200
Subject: [PATCH 3/3] fix bug in ssl_mail_client

---
 ChangeLog                      | 2 ++
 programs/ssl/ssl_mail_client.c | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 7e7374bd5..e904eb819 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@ Features
      errors on use of deprecated functions.
 
 Bugfix
+   * Fix bug in ssl_mail_client when password is longer that username (found
+     by Bruno Pape).
    * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
      (detected by Clang's 3.6 UBSan).
    * mpi_size() and mpi_msb() would segfault when called on an mpi that is
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index fcda1dde3..27c57a17f 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -722,7 +722,7 @@ int main( int argc, char *argv[] )
         polarssl_printf( "  > Write username to server: %s", opt.user_name );
         fflush( stdout );
 
-        n = sizeof( buf );
+        n = sizeof( base );
         ret = base64_encode( base, &n, (const unsigned char *) opt.user_name,
                              strlen( opt.user_name ) );
 
@@ -743,6 +743,7 @@ int main( int argc, char *argv[] )
         polarssl_printf( "  > Write password to server: %s", opt.user_pwd );
         fflush( stdout );
 
+        n = sizeof( base );
         ret = base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
                              strlen( opt.user_pwd ) );