summaryrefslogtreecommitdiff
path: root/external/openssl/CVE-2014-3567.patch
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2014-10-17 11:07:59 +0100
committerAndras Timar <andras.timar@collabora.com>2014-10-17 06:23:22 -0700
commit2ae53ab6e6e8eee4384648ab8b40bba72ce746ba (patch)
treeed001823d7932838e2356390484e4f9d2dbcaf9a /external/openssl/CVE-2014-3567.patch
parentc1b850ed0ad3740fb7dc731f0f1bb49b7f5562d4 (diff)
CVE-2014-3566 (etc)
i.e. sync with fedora 20 openssl-1.0.1e security backports Change-Id: I9e07d3aad7f0c7a3fd684d4e52b3b952cfb2f82d
Diffstat (limited to 'external/openssl/CVE-2014-3567.patch')
-rw-r--r--external/openssl/CVE-2014-3567.patch14
1 files changed, 14 insertions, 0 deletions
diff --git a/external/openssl/CVE-2014-3567.patch b/external/openssl/CVE-2014-3567.patch
new file mode 100644
index 000000000000..db158f30b506
--- /dev/null
+++ b/external/openssl/CVE-2014-3567.patch
@@ -0,0 +1,14 @@
+diff -up openssl-1.0.1e/ssl/t1_lib.c.ticket-leak openssl-1.0.1e/ssl/t1_lib.c
+--- a/a/ssl/t1_lib.c.ticket-leak 2014-10-15 13:19:26.825454374 +0200
++++ b/b/ssl/t1_lib.c 2014-10-15 13:19:59.955202293 +0200
+@@ -2280,7 +2280,10 @@ static int tls_decrypt_ticket(SSL *s, co
+ HMAC_Final(&hctx, tick_hmac, NULL);
+ HMAC_CTX_cleanup(&hctx);
+ if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
++ {
++ EVP_CIPHER_CTX_cleanup(&ctx);
+ return 2;
++ }
+ /* Attempt to decrypt session data */
+ /* Move p after IV to start of encrypted ticket, update length */
+ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);