summaryrefslogtreecommitdiff
path: root/external/openssl/CVE-2014-3509.patch
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2014-10-17 11:07:59 +0100
committerAndras Timar <andras.timar@collabora.com>2014-10-17 06:23:22 -0700
commit2ae53ab6e6e8eee4384648ab8b40bba72ce746ba (patch)
treeed001823d7932838e2356390484e4f9d2dbcaf9a /external/openssl/CVE-2014-3509.patch
parentc1b850ed0ad3740fb7dc731f0f1bb49b7f5562d4 (diff)
CVE-2014-3566 (etc)
i.e. sync with fedora 20 openssl-1.0.1e security backports Change-Id: I9e07d3aad7f0c7a3fd684d4e52b3b952cfb2f82d
Diffstat (limited to 'external/openssl/CVE-2014-3509.patch')
-rw-r--r--external/openssl/CVE-2014-3509.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/external/openssl/CVE-2014-3509.patch b/external/openssl/CVE-2014-3509.patch
new file mode 100644
index 000000000000..45c94624f177
--- /dev/null
+++ b/external/openssl/CVE-2014-3509.patch
@@ -0,0 +1,45 @@
+From 86788e1ee6908a5b3a4c95fa80caa4b724a8a434 Mon Sep 17 00:00:00 2001
+From: Gabor Tyukasz <Gabor.Tyukasz@logmein.com>
+Date: Wed, 23 Jul 2014 23:42:06 +0200
+Subject: [PATCH] Fix race condition in ssl_parse_serverhello_tlsext
+
+CVE-2014-3509
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
+---
+ ssl/t1_lib.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 8167a51..022a4fb 100644
+--- a/a/ssl/t1_lib.c
++++ b/b/ssl/t1_lib.c
+@@ -1555,15 +1555,18 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
+ *al = TLS1_AD_DECODE_ERROR;
+ return 0;
+ }
+- s->session->tlsext_ecpointformatlist_length = 0;
+- if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
+- if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
++ if (!s->hit)
+ {
+- *al = TLS1_AD_INTERNAL_ERROR;
+- return 0;
++ s->session->tlsext_ecpointformatlist_length = 0;
++ if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
++ if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
++ {
++ *al = TLS1_AD_INTERNAL_ERROR;
++ return 0;
++ }
++ s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
++ memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
+ }
+- s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+- memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
+ #if 0
+ fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
+ sdata = s->session->tlsext_ecpointformatlist;
+--
+1.8.3.1
+