From 6435c2740e6061a4a10556edceabd0175e40c14e Mon Sep 17 00:00:00 2001
From: djm <>
Date: Fri, 11 Feb 2011 03:23:39 +0000
Subject: MFC:

----------------------------
revision 1.8
date: 2011/02/10 22:40:27;  author: djm;  state: Exp;  lines: +7 -1
fix for CVE-2011-0014 "OCSP stapling vulnerability";
ok markus@ jasper@ miod@

AFAIK nothing in base uses this, though apache2 from ports may be affected.
----------------------------
---
 src/lib/libssl/src/ssl/t1_lib.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 5d401c3572..0528309132 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -452,6 +452,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 						}
 					n2s(data, idsize);
 					dsize -= 2 + idsize;
+					size -= 2 + idsize;
 					if (dsize < 0)
 						{
 						*al = SSL_AD_DECODE_ERROR;
@@ -490,9 +491,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 					}
 
 				/* Read in request_extensions */
+				if (size < 2)
+					{
+					*al = SSL_AD_DECODE_ERROR;
+					return 0;
+					}
 				n2s(data,dsize);
 				size -= 2;
-				if (dsize > size) 
+				if (dsize != size)
 					{
 					*al = SSL_AD_DECODE_ERROR;
 					return 0;
-- 
cgit v1.2.3-55-g6feb