diff options
Diffstat (limited to 'package/libs/openssl/patches/001-fix-CVE-2014-3569.patch')
| -rw-r--r-- | package/libs/openssl/patches/001-fix-CVE-2014-3569.patch | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch b/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch deleted file mode 100644 index 26dfb29452..0000000000 --- a/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Kurt Roeckx <kurt@roeckx.be> -Date: Tue, 21 Oct 2014 18:45:15 +0000 (+0200) -Subject: Keep old method in case of an unsupported protocol -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5 - -Keep old method in case of an unsupported protocol - -When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set -the method to NULL. We didn't used to do that, and it breaks things. This is a -regression introduced in 62f45cc27d07187b59551e4fad3db4e52ea73f2c. Keep the old -method since the code is not able to deal with a NULL method at this time. - -CVE-2014-3569, PR#3571 - -Reviewed-by: Emilia Käsper <emilia@openssl.org> ---- - -diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c -index 38960ba..858420d 100644 ---- a/ssl/s23_srvr.c -+++ b/ssl/s23_srvr.c -@@ -615,12 +615,14 @@ int ssl23_get_client_hello(SSL *s) - if ((type == 2) || (type == 3)) - { - /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ -- s->method = ssl23_get_server_method(s->version); -- if (s->method == NULL) -+ const SSL_METHOD *new_method; -+ new_method = ssl23_get_server_method(s->version); -+ if (new_method == NULL) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } -+ s->method = new_method; - - if (!ssl_init_wbio_buffer(s,1)) goto err; - |