svn commit: r196463 - vendor-crypto/openssl/dist/ssl
Simon L. Nielsen
simon at FreeBSD.org
Sun Aug 23 14:15:29 UTC 2009
Author: simon
Date: Sun Aug 23 14:15:28 2009
New Revision: 196463
URL: http://svn.freebsd.org/changeset/base/196463
Log:
Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Do not access freed data structure.
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
Security: CVE-2009-1379
Obtained from: OpenSSL CVS
http://cvs.openssl.org/chngview?cn=18156
Modified:
vendor-crypto/openssl/dist/ssl/d1_both.c
Modified: vendor-crypto/openssl/dist/ssl/d1_both.c
==============================================================================
--- vendor-crypto/openssl/dist/ssl/d1_both.c Sun Aug 23 14:12:01 2009 (r196462)
+++ vendor-crypto/openssl/dist/ssl/d1_both.c Sun Aug 23 14:15:28 2009 (r196463)
@@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
{
+ unsigned long frag_len = frag->msg_header.frag_len;
pqueue_pop(s->d1->buffered_messages);
al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
if (al==0)
{
*ok = 1;
- return frag->msg_header.frag_len;
+ return frag_len;
}
ssl3_send_alert(s,SSL3_AL_FATAL,al);
More information about the svn-src-vendor
mailing list