summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm <>2011-02-11 03:23:39 +0000
committerdjm <>2011-02-11 03:23:39 +0000
commit6435c2740e6061a4a10556edceabd0175e40c14e (patch)
treef31964fedf62a5b9bb61843d0a9f8f37ccdcac48
parentadf15f8fc74fde7c8f2d1b36b81629b22956657c (diff)
downloadopenbsd-OPENBSD_4_7.tar.gz
openbsd-OPENBSD_4_7.tar.bz2
openbsd-OPENBSD_4_7.zip
---------------------------- revision 1.8 date: 2011/02/10 22:40:27; author: djm; state: Exp; lines: +7 -1 fix for CVE-2011-0014 "OCSP stapling vulnerability"; ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected. ----------------------------
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 5d401c3572..0528309132 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -452,6 +452,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
452 } 452 }
453 n2s(data, idsize); 453 n2s(data, idsize);
454 dsize -= 2 + idsize; 454 dsize -= 2 + idsize;
455 size -= 2 + idsize;
455 if (dsize < 0) 456 if (dsize < 0)
456 { 457 {
457 *al = SSL_AD_DECODE_ERROR; 458 *al = SSL_AD_DECODE_ERROR;
@@ -490,9 +491,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
490 } 491 }
491 492
492 /* Read in request_extensions */ 493 /* Read in request_extensions */
494 if (size < 2)
495 {
496 *al = SSL_AD_DECODE_ERROR;
497 return 0;
498 }
493 n2s(data,dsize); 499 n2s(data,dsize);
494 size -= 2; 500 size -= 2;
495 if (dsize > size) 501 if (dsize != size)
496 { 502 {
497 *al = SSL_AD_DECODE_ERROR; 503 *al = SSL_AD_DECODE_ERROR;
498 return 0; 504 return 0;