/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2009-4355.patch
ViewVC logotype

Contents of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2009-4355.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Tue Feb 18 03:03:09 2014 UTC (10 years, 9 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 Modify compression code so it frees up structures without using the
2 ex_data callbacks. This works around a problem where some applications
3 call CRYPTO_free_all_ex_data() before application exit (e.g. when
4 restarting) then use compression (e.g. SSL with compression) later.
5 This results in significant per-connection memory leaks and
6 has caused some security issues including CVE-2008-1678 and
7 CVE-2009-4355. [Steve Henson]
8 diff -up openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak openssl-fips-0.9.8e/crypto/comp/c_zlib.c
9 --- openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak 2007-02-14 22:50:26.000000000 +0100
10 +++ openssl-fips-0.9.8e/crypto/comp/c_zlib.c 2010-01-14 09:32:46.000000000 +0100
11 @@ -133,15 +133,6 @@ struct zlib_state
12
13 static int zlib_stateful_ex_idx = -1;
14
15 -static void zlib_stateful_free_ex_data(void *obj, void *item,
16 - CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
17 - {
18 - struct zlib_state *state = (struct zlib_state *)item;
19 - inflateEnd(&state->istream);
20 - deflateEnd(&state->ostream);
21 - OPENSSL_free(state);
22 - }
23 -
24 static int zlib_stateful_init(COMP_CTX *ctx)
25 {
26 int err;
27 @@ -185,6 +176,12 @@ static int zlib_stateful_init(COMP_CTX *
28
29 static void zlib_stateful_finish(COMP_CTX *ctx)
30 {
31 + struct zlib_state *state =
32 + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
33 + zlib_stateful_ex_idx);
34 + inflateEnd(&state->istream);
35 + deflateEnd(&state->ostream);
36 + OPENSSL_free(state);
37 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
38 }
39
40 @@ -396,7 +393,7 @@ COMP_METHOD *COMP_zlib(void)
41 if (zlib_stateful_ex_idx == -1)
42 zlib_stateful_ex_idx =
43 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
44 - 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
45 + 0,NULL,NULL,NULL,NULL);
46 CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
47 if (zlib_stateful_ex_idx == -1)
48 goto err;

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed