Module Name: src
Committed By: spz
Date: Thu Feb 10 06:04:54 UTC 2011
Modified Files:
src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c
Log Message:
fix for CVE-2011-0014 (OCSP stapling vulnerability in OpenSSL)
patch taken from http://www.openssl.org/news/secadv_20110208.txt
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.3 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.4
--- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.3 Tue Dec 7 10:03:29 2010
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Thu Feb 10 06:04:54 2011
@@ -916,6 +916,7 @@
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -954,9 +955,14 @@
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
