package/openssl/patches/402-cve-2009-1377.patch

   1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
   2
   3 --- a/ssl/d1_pkt.c
   4 +++ b/ssl/d1_pkt.c
   5 @@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
   6      DTLS1_RECORD_DATA *rdata;
   7         pitem *item;
   8
   9 +       /* Limit the size of the queue to prevent DOS attacks */
  10 +       if (pqueue_size(queue->q) >= 100)
  11 +               return 0;
  12 +
  13         rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
  14         item = pitem_new(priority, rdata);
  15         if (rdata == NULL || item == NULL)
  16 --- a/crypto/pqueue/pqueue.c
  17 +++ b/crypto/pqueue/pqueue.c
  18 @@ -234,3 +234,17 @@ pqueue_next(pitem **item)
  19
  20         return ret;
  21         }
  22 +
  23 +int
  24 +pqueue_size(pqueue_s *pq)
  25 +{
  26 +       pitem *item = pq->items;
  27 +       int count = 0;
  28 +
  29 +       while(item != NULL)
  30 +       {
  31 +               count++;
  32 +               item = item->next;
  33 +       }
  34 +       return count;
  35 +}
  36 --- a/crypto/pqueue/pqueue.h
  37 +++ b/crypto/pqueue/pqueue.h
  38 @@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
  39  pitem *pqueue_next(piterator *iter);
  40
  41  void   pqueue_print(pqueue pq);
  42 +int    pqueue_size(pqueue pq);
  43
  44  #endif /* ! HEADER_PQUEUE_H */