diff options
| author | jasper <> | 2010-04-14 12:41:05 +0000 |
|---|---|---|
| committer | jasper <> | 2010-04-14 12:41:05 +0000 |
| commit | 9566d97d91fecf6448578e21116b0bc95b9a5e0c (patch) | |
| tree | 912e210fca8ea84c2e455617b2ad822c717c6383 | |
| parent | 3368464972faf5ed33853fda5c0505f9af93fbec (diff) | |
| download | openbsd-9566d97d91fecf6448578e21116b0bc95b9a5e0c.tar.gz openbsd-9566d97d91fecf6448578e21116b0bc95b9a5e0c.tar.bz2 openbsd-9566d97d91fecf6448578e21116b0bc95b9a5e0c.zip | |
Security fix for CVE-2010-0740
"In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL."
http://openssl.org/news/secadv_20100324.txt
ok deraadt@ djm@ sthen@
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_pkt.c | 7 |
2 files changed, 8 insertions, 6 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index b98b84044f..515739c08c 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -282,9 +282,10 @@ again: | |||
| 282 | if (version != s->version) | 282 | if (version != s->version) |
| 283 | { | 283 | { |
| 284 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | 284 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); |
| 285 | /* Send back error using their | 285 | if ((s->version & 0xFF00) == (version & 0xFF00)) |
| 286 | * version number :-) */ | 286 | /* Send back error using their |
| 287 | s->version=version; | 287 | * minor version number :-) */ |
| 288 | s->version = (unsigned short)version; | ||
| 288 | al=SSL_AD_PROTOCOL_VERSION; | 289 | al=SSL_AD_PROTOCOL_VERSION; |
| 289 | goto f_err; | 290 | goto f_err; |
| 290 | } | 291 | } |
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index b98b84044f..515739c08c 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -282,9 +282,10 @@ again: | |||
| 282 | if (version != s->version) | 282 | if (version != s->version) |
| 283 | { | 283 | { |
| 284 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); | 284 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); |
| 285 | /* Send back error using their | 285 | if ((s->version & 0xFF00) == (version & 0xFF00)) |
| 286 | * version number :-) */ | 286 | /* Send back error using their |
| 287 | s->version=version; | 287 | * minor version number :-) */ |
| 288 | s->version = (unsigned short)version; | ||
| 288 | al=SSL_AD_PROTOCOL_VERSION; | 289 | al=SSL_AD_PROTOCOL_VERSION; |
| 289 | goto f_err; | 290 | goto f_err; |
| 290 | } | 291 | } |