author | djm <> | 2011-02-11 03:23:39 +0000 |
committer | djm <> | 2011-02-11 03:23:39 +0000 |
commit | 6435c2740e6061a4a10556edceabd0175e40c14e (patch) | |
tree | f31964fedf62a5b9bb61843d0a9f8f37ccdcac48 | |
parent | adf15f8fc74fde7c8f2d1b36b81629b22956657c (diff) | |
MFC:OPENBSD_4_7
----------------------------
revision 1.8
date: 2011/02/10 22:40:27; author: djm; state: Exp; lines: +7 -1
fix for CVE-2011-0014 "OCSP stapling vulnerability";
ok markus@ jasper@ miod@
AFAIK nothing in base uses this, though apache2 from ports may be affected.
----------------------------
-rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 8 |
1 files changed, 7 insertions, 1 deletions
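--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -452,6 +452,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 }
 n2s(data, idsize);
 dsize -= 2 + idsize;
+size -= 2 + idsize;
 if (dsize < 0)
 {
 *al = SSL_AD_DECODE_ERROR;
@@ -490,9 +491,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 }
 
 /* Read in request_extensions */
+if (size < 2)
+{
+*al = SSL_AD_DECODE_ERROR;
+return 0;
+}
 n2s(data,dsize);
 size -= 2;
-if (dsize > size)
+if (dsize != size)
 {
 *al = SSL_AD_DECODE_ERROR;
 return 0;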
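Review bot: The new `size -= 2 + idsize;` in the first hunk is not followed by its own bounds check, so its safety rests on an invariant the hunk does not state: presumably an earlier `dsize > size` check (outside this view) guarantees `size >= dsize` on entry to the loop, and decrementing both by the same amount keeps `size >= dsize >= 0` whenever the existing `dsize < 0` test passes. That reasoning deserves a comment next to the new line, e.g. `/* size shrinks in step with dsize; the earlier dsize > size check keeps size >= dsize, so the dsize < 0 test below also bounds size */`. In the second hunk, the reason `dsize != size` (rather than `<=`) is correct — request_extensions must consume exactly the remaining extension body, so trailing bytes are a decode error — is also worth a one-line comment, since a later reader may be tempted to relax it. The enclosing ssl_parse_clienthello_tlsext begins and ends outside both hunks.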