/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2012-2333.patch
ViewVC logotype

Contents of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2012-2333.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Tue Feb 18 03:03:09 2014 UTC (10 years, 9 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 Sanity check record length before skipping explicit IV in DTLS
2 to fix DoS attack.
3 Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
4 fuzzing as a service testing platform.
5 (CVE-2012-2333)
6 diff -up openssl-fips-0.9.8e/ssl/d1_enc.c.reclen openssl-fips-0.9.8e/ssl/d1_enc.c
7 --- openssl-fips-0.9.8e/ssl/d1_enc.c.reclen 2006-02-08 20:16:32.000000000 +0100
8 +++ openssl-fips-0.9.8e/ssl/d1_enc.c 2012-05-15 12:14:25.510013029 +0200
9 @@ -252,7 +252,7 @@ int dtls1_enc(SSL *s, int send)
10 }
11 /* TLS 1.0 does not bound the number of padding bytes by the block size.
12 * All of them must have value 'padding_length'. */
13 - if (i > (int)rec->length)
14 + if (i + bs > (int)rec->length)
15 {
16 /* Incorrect padding. SSLerr() and ssl3_alert are done
17 * by caller: we don't want to reveal whether this is

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed