authordjm <>2011-02-11 03:24:29 +0000
committerdjm <>2011-02-11 03:24:29 +0000
commitcf95301f254917b83933a57c6ca1c4efa6c0a02a (patch)
tree603cd278f528a7021e31a6f883e961889e57c5dc
parent200c91bcd0cbd0e0be44ab09d69d30844bd3c307 (diff)
---------------------------- revision 1.8 date: 2011/02/10 22:40:27; author: djm; state: Exp; lines: +7 -1 fix for CVE-2011-0014 "OCSP stapling vulnerability"; ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected. ----------------------------
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 5d401c3572..0528309132 100644
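--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -452,6 +452,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 }
 n2s(data, idsize);
 dsize -= 2 + idsize;
+size -= 2 + idsize;
 if (dsize < 0)
 {
 *al = SSL_AD_DECODE_ERROR;
@@ -490,9 +491,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 }
 
 /* Read in request_extensions */
+if (size < 2)
+{
+*al = SSL_AD_DECODE_ERROR;
+return 0;
+}
 n2s(data,dsize);
 size -= 2;
-if (dsize > size)
+if (dsize != size)
 {
 *al = SSL_AD_DECODE_ERROR;
 return 0;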
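Review bot: The new `if (size < 2)` guard and the tightened `if (dsize != size)` test in the second hunk have no comment saying what `size` tracks, so the reason for requiring exact equality is easy to lose in a later edit; I would add `/* size: bytes left in this extension; request_extensions must fill the rest exactly */` above the guard. In the first hunk `size -= 2 + idsize;` is followed only by the existing `dsize < 0` test, so `size` staying non-negative presumably depends on a `dsize <= size` check made before the loop, which is outside the hunk and should be confirmed. ssl_parse_clienthello_tlsext begins and ends outside both hunks.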