diff options
| author | deraadt <> | 2014-08-06 23:16:16 +0000 | 
|---|---|---|
| committer | deraadt <> | 2014-08-06 23:16:16 +0000 | 
| commit | 4a67d2ffdf3376c2bdecf5e82c81a2176ac56cbe (patch) | |
| tree | fa3d3dd67221a2e909d9ec171b8ddc29b600ab97 /src | |
| parent | 088206e82081496a5fc88d9c1aa6f22251391e2e (diff) | |
| download | openbsd-4a67d2ffdf3376c2bdecf5e82c81a2176ac56cbe.tar.gz openbsd-4a67d2ffdf3376c2bdecf5e82c81a2176ac56cbe.tar.bz2 openbsd-4a67d2ffdf3376c2bdecf5e82c81a2176ac56cbe.zip | |
merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 22 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 22 | 
2 files changed, 26 insertions, 18 deletions
| diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 0966e78b4d..eebe6897ef 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.52 2014/07/13 16:33:01 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.53 2014/08/06 23:16:16 deraadt Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -1339,16 +1339,20 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1339 | *al = TLS1_AD_DECODE_ERROR; | 1339 | *al = TLS1_AD_DECODE_ERROR; | 
| 1340 | return 0; | 1340 | return 0; | 
| 1341 | } | 1341 | } | 
| 1342 | s->session->tlsext_ecpointformatlist_length = 0; | 1342 | if (s->hit) { | 
| 1343 | free(s->session->tlsext_ecpointformatlist); | ||
| 1344 | s->session->tlsext_ecpointformatlist_length = 0; | ||
| 1343 | 1345 | ||
| 1344 | free(s->session->tlsext_ecpointformatlist); | 1346 | if ((s->session->tlsext_ecpointformatlist = | 
| 1345 | if ((s->session->tlsext_ecpointformatlist = | 1347 | malloc(ecpointformatlist_length)) == NULL) { | 
| 1346 | malloc(ecpointformatlist_length)) == NULL) { | 1348 | *al = TLS1_AD_INTERNAL_ERROR; | 
| 1347 | *al = TLS1_AD_INTERNAL_ERROR; | 1349 | return 0; | 
| 1348 | return 0; | 1350 | } | 
| 1351 | s->session->tlsext_ecpointformatlist_length = | ||
| 1352 | ecpointformatlist_length; | ||
| 1353 | memcpy(s->session->tlsext_ecpointformatlist, | ||
| 1354 | sdata, ecpointformatlist_length); | ||
| 1349 | } | 1355 | } | 
| 1350 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; | ||
| 1351 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); | ||
| 1352 | } | 1356 | } | 
| 1353 | else if (type == TLSEXT_TYPE_session_ticket) { | 1357 | else if (type == TLSEXT_TYPE_session_ticket) { | 
| 1354 | if (s->tls_session_ticket_ext_cb && | 1358 | if (s->tls_session_ticket_ext_cb && | 
| diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 0966e78b4d..eebe6897ef 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.52 2014/07/13 16:33:01 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.53 2014/08/06 23:16:16 deraadt Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -1339,16 +1339,20 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1339 | *al = TLS1_AD_DECODE_ERROR; | 1339 | *al = TLS1_AD_DECODE_ERROR; | 
| 1340 | return 0; | 1340 | return 0; | 
| 1341 | } | 1341 | } | 
| 1342 | s->session->tlsext_ecpointformatlist_length = 0; | 1342 | if (s->hit) { | 
| 1343 | free(s->session->tlsext_ecpointformatlist); | ||
| 1344 | s->session->tlsext_ecpointformatlist_length = 0; | ||
| 1343 | 1345 | ||
| 1344 | free(s->session->tlsext_ecpointformatlist); | 1346 | if ((s->session->tlsext_ecpointformatlist = | 
| 1345 | if ((s->session->tlsext_ecpointformatlist = | 1347 | malloc(ecpointformatlist_length)) == NULL) { | 
| 1346 | malloc(ecpointformatlist_length)) == NULL) { | 1348 | *al = TLS1_AD_INTERNAL_ERROR; | 
| 1347 | *al = TLS1_AD_INTERNAL_ERROR; | 1349 | return 0; | 
| 1348 | return 0; | 1350 | } | 
| 1351 | s->session->tlsext_ecpointformatlist_length = | ||
| 1352 | ecpointformatlist_length; | ||
| 1353 | memcpy(s->session->tlsext_ecpointformatlist, | ||
| 1354 | sdata, ecpointformatlist_length); | ||
| 1349 | } | 1355 | } | 
| 1350 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; | ||
| 1351 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); | ||
| 1352 | } | 1356 | } | 
| 1353 | else if (type == TLSEXT_TYPE_session_ticket) { | 1357 | else if (type == TLSEXT_TYPE_session_ticket) { | 
| 1354 | if (s->tls_session_ticket_ext_cb && | 1358 | if (s->tls_session_ticket_ext_cb && | 
