* [gentoo-commits] gentoo-x86 commit in dev-libs/openssl/files: openssl-0.9.8l-CVE-2009-1377.patch openssl-0.9.8l-CVE-2009-1378.patch openssl-0.9.8l-CVE-2009-1379.patch
@ 2009-11-05 20:08 Mike Frysinger (vapier)
0 siblings, 0 replies; only message in thread
From: Mike Frysinger (vapier) @ 2009-11-05 20:08 UTC (permalink / raw
To: gentoo-commits
vapier 09/11/05 20:08:48
Added: openssl-0.9.8l-CVE-2009-1377.patch
openssl-0.9.8l-CVE-2009-1378.patch
openssl-0.9.8l-CVE-2009-1379.patch
Log:
Add some patches from upstream #270305.
(Portage version: 2.2_rc46/cvs/Linux x86_64)
Revision Changes Path
1.1 dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch?rev=1.1&content-type=text/plain
Index: openssl-0.9.8l-CVE-2009-1377.patch
===================================================================
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Index: openssl/crypto/pqueue/pqueue.c
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
--- crypto/pqueue/pqueue.c 2005/06/28 12:53:33 1.2.2.4
+++ crypto/pqueue/pqueue.c 2009/05/16 16:18:44 1.2.2.5
@@ -234,3 +234,17 @@
return ret;
}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+ int count = 0;
+
+ while(item != NULL)
+ {
+ count++;
+ item = item->next;
+ }
+ return count;
+}
Index: openssl/crypto/pqueue/pqueue.h
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
--- crypto/pqueue/pqueue.h 2005/05/30 22:34:27 1.2.2.1
+++ crypto/pqueue/pqueue.h 2009/05/16 16:18:44 1.2.2.2
@@ -91,5 +91,6 @@
pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
+int pqueue_size(pqueue pq);
#endif /* ! HEADER_PQUEUE_H */
Index: openssl/ssl/d1_pkt.c
RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
--- ssl/d1_pkt.c 2009/05/16 15:51:59 1.4.2.17
+++ ssl/d1_pkt.c 2009/05/16 16:18:45 1.4.2.18
@@ -167,6 +167,10 @@
DTLS1_RECORD_DATA *rdata;
pitem *item;
+ /* Limit the size of the queue to prevent DOS attacks */
+ if (pqueue_size(queue->q) >= 100)
+ return 0;
+
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
1.1 dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch?rev=1.1&content-type=text/plain
Index: openssl-0.9.8l-CVE-2009-1378.patch
===================================================================
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Index: ssl/d1_both.c
===================================================================
--- ssl/d1_both.c.orig
+++ ssl/d1_both.c
@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
goto err;
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
+ /* Try to find item in queue, to prevent duplicate entries */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pqueue_find(s->d1->buffered_messages, seq64);
+ pq_64bit_free(&seq64);
+
+ /* Discard the message if sequence number was already there, is
+ * too far in the future or the fragment is already in the queue */
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
{
unsigned char devnull [256];
1.1 dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch?rev=1.1&content-type=text/plain
Index: openssl-0.9.8l-CVE-2009-1379.patch
===================================================================
Index: openssl/ssl/d1_both.c
RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
--- d1_both.c 2009/04/22 12:17:02 1.14.2.6
+++ d1_both.c 2009/05/13 11:51:30 1.14.2.7
@@ -519,6 +519,7 @@
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
{
+ unsigned long frag_len = frag->msg_header.frag_len;
pqueue_pop(s->d1->buffered_messages);
al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +537,7 @@
if (al==0)
{
*ok = 1;
- return frag->msg_header.frag_len;
+ return frag_len;
}
ssl3_send_alert(s,SSL3_AL_FATAL,al);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-11-05 20:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-11-05 20:08 [gentoo-commits] gentoo-x86 commit in dev-libs/openssl/files: openssl-0.9.8l-CVE-2009-1377.patch openssl-0.9.8l-CVE-2009-1378.patch openssl-0.9.8l-CVE-2009-1379.patch Mike Frysinger (vapier)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox