diff options
Diffstat (limited to 'package/openssl/patches/900-CVE-2009-1377.patch')
-rw-r--r-- | package/openssl/patches/900-CVE-2009-1377.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/package/openssl/patches/900-CVE-2009-1377.patch b/package/openssl/patches/900-CVE-2009-1377.patch new file mode 100644 index 0000000000..cc5a19fb4e --- /dev/null +++ b/package/openssl/patches/900-CVE-2009-1377.patch @@ -0,0 +1,53 @@ +http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest + +Index: openssl/crypto/pqueue/pqueue.c +RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v +rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null +--- pqueue.c 2005/06/28 12:53:33 1.2.2.4 ++++ pqueue.c 2009/05/16 16:18:44 1.2.2.5 +@@ -234,3 +234,17 @@ + + return ret; + } ++ ++int ++pqueue_size(pqueue_s *pq) ++{ ++ pitem *item = pq->items; ++ int count = 0; ++ ++ while(item != NULL) ++ { ++ count++; ++ item = item->next; ++ } ++ return count; ++} +Index: openssl/crypto/pqueue/pqueue.h +RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v +rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null +--- pqueue.h 2005/05/30 22:34:27 1.2.2.1 ++++ pqueue.h 2009/05/16 16:18:44 1.2.2.2 +@@ -91,5 +91,6 @@ + pitem *pqueue_next(piterator *iter); + + void pqueue_print(pqueue pq); ++int pqueue_size(pqueue pq); + + #endif /* ! HEADER_PQUEUE_H */ +Index: openssl/ssl/d1_pkt.c +RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v +rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null +--- d1_pkt.c 2009/05/16 15:51:59 1.4.2.17 ++++ d1_pkt.c 2009/05/16 16:18:45 1.4.2.18 +@@ -167,6 +167,10 @@ + DTLS1_RECORD_DATA *rdata; + pitem *item; + ++ /* Limit the size of the queue to prevent DOS attacks */ ++ if (pqueue_size(queue->q) >= 100) ++ return 0; ++ + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); + item = pitem_new(priority, rdata); + if (rdata == NULL || item == NULL) |