projects / openwrt / svn-archive / archive.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
openssl: add fixes for CVE-2009-1387 and CVE-2009-2409 (thx, puchu)
[openwrt/svn-archive/archive.git] / package / openssl / patches / 900-CVE-2009-1387.patch
diff --git a/package/openssl/patches/900-CVE-2009-1387.patch b/package/openssl/patches/900-CVE-2009-1387.patch
new file mode 100644 (file)
index 0000000..7a2a47e
--- /dev/null
+++ b/package/openssl/patches/900-CVE-2009-1387.patch
@@ -0,0 +1,53 @@
+http://bugs.gentoo.org/270305
+
+fix from upstream
+
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -585,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s,
+                       }
+               }
+-      frag = dtls1_hm_fragment_new(frag_len);
+-      if ( frag == NULL)
+-              goto err;
++      if (frag_len)
++      {
++              frag = dtls1_hm_fragment_new(frag_len);
++              if ( frag == NULL)
++                      goto err;
+-      memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
++              memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+-      if (frag_len)
+-              {
+-              /* read the body of the fragment (header has already been read */
++              /* read the body of the fragment (header has already been read) */
+               i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                       frag->fragment,frag_len,0);
+               if (i<=0 || (unsigned long)i!=frag_len)
+                       goto err;
+-              }
+-      pq_64bit_init(&seq64);
+-      pq_64bit_assign_word(&seq64, msg_hdr->seq);
++              pq_64bit_init(&seq64);
++              pq_64bit_assign_word(&seq64, msg_hdr->seq);
+-      item = pitem_new(seq64, frag);
+-      pq_64bit_free(&seq64);
+-      if ( item == NULL)
+-              goto err;
++              item = pitem_new(seq64, frag);
++              pq_64bit_free(&seq64);
++              if ( item == NULL)
++                      goto err;
++
++              pqueue_insert(s->d1->buffered_messages, item);
++      }
+-      pqueue_insert(s->d1->buffered_messages, item);
+       return DTLS1_HM_FRAGMENT_RETRY;
+ err:
OpenWrt SVN history