1 files changed, 53 insertions, 0 deletions

diff --git a/package/openssl/patches/900-CVE-2009-1387.patch b/package/openssl/patches/900-CVE-2009-1387.patch
new file mode 100644
index 0000000000..7a2a47e9b5
--- /dev/null
+++ b/package/openssl/patches/900-CVE-2009-1387.patch
@@ -0,0 +1,53 @@
+http://bugs.gentoo.org/270305
+
+fix from upstream
+
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -585,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s,
+ 			}
+ 		}
+ 
+-	frag = dtls1_hm_fragment_new(frag_len);
+-	if ( frag == NULL)
+-		goto err;
++	if (frag_len)
++	{
++		frag = dtls1_hm_fragment_new(frag_len);
++		if ( frag == NULL)
++			goto err;
+ 
+-	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
++		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+ 
+-	if (frag_len)
+-		{
+-		/* read the body of the fragment (header has already been read */
++		/* read the body of the fragment (header has already been read) */
+ 		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ 			frag->fragment,frag_len,0);
+ 		if (i<=0 || (unsigned long)i!=frag_len)
+ 			goto err;
+-		}
+ 
+-	pq_64bit_init(&seq64);
+-	pq_64bit_assign_word(&seq64, msg_hdr->seq);
++		pq_64bit_init(&seq64);
++		pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ 
+-	item = pitem_new(seq64, frag);
+-	pq_64bit_free(&seq64);
+-	if ( item == NULL)
+-		goto err;
++		item = pitem_new(seq64, frag);
++		pq_64bit_free(&seq64);
++		if ( item == NULL)
++			goto err;
++
++		pqueue_insert(s->d1->buffered_messages, item);
++	}
+ 
+-	pqueue_insert(s->d1->buffered_messages, item);
+ 	return DTLS1_HM_FRAGMENT_RETRY;
+ 
+ err: