1 |
eras 15/04/28 19:39:25 |
2 |
|
3 |
Added: CVE-2015-3420.patch |
4 |
Log: |
5 |
Security bump - bug #547872 |
6 |
|
7 |
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 net-mail/dovecot/files/CVE-2015-3420.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/dovecot/files/CVE-2015-3420.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/dovecot/files/CVE-2015-3420.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: CVE-2015-3420.patch |
16 |
=================================================================== |
17 |
--- a/src/login-common/ssl-proxy-openssl.c Sat Apr 25 12:16:07 2015 +0300 |
18 |
+++ b/src/login-common/ssl-proxy-openssl.c Tue Apr 28 11:27:04 2015 +0200 |
19 |
@@ -80,6 +80,7 @@ |
20 |
unsigned int cert_broken:1; |
21 |
unsigned int client_proxy:1; |
22 |
unsigned int flushing:1; |
23 |
+ unsigned int failed:1; |
24 |
}; |
25 |
|
26 |
struct ssl_parameters { |
27 |
@@ -131,6 +132,12 @@ |
28 |
static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set); |
29 |
#endif |
30 |
|
31 |
+static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy) |
32 |
+{ |
33 |
+ proxy->failed = TRUE; |
34 |
+ ssl_proxy_destroy(proxy); |
35 |
+} |
36 |
+ |
37 |
static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx) |
38 |
{ |
39 |
unsigned int i, g, h = 0; |
40 |
@@ -462,7 +469,7 @@ |
41 |
|
42 |
if (errstr != NULL) { |
43 |
proxy->last_error = i_strdup(errstr); |
44 |
- ssl_proxy_destroy(proxy); |
45 |
+ ssl_proxy_destroy_failed(proxy); |
46 |
} |
47 |
ssl_proxy_unref(proxy); |
48 |
} |
49 |
@@ -492,7 +499,7 @@ |
50 |
|
51 |
if (proxy->handshake_callback != NULL) { |
52 |
if (proxy->handshake_callback(proxy->handshake_context) < 0) |
53 |
- ssl_proxy_destroy(proxy); |
54 |
+ ssl_proxy_destroy_failed(proxy); |
55 |
} |
56 |
} |
57 |
|
58 |
@@ -822,7 +829,8 @@ |
59 |
if (proxy->destroyed || proxy->flushing) |
60 |
return; |
61 |
proxy->flushing = TRUE; |
62 |
- ssl_proxy_flush(proxy); |
63 |
+ if (!proxy->failed && proxy->handshaked) |
64 |
+ ssl_proxy_flush(proxy); |
65 |
proxy->destroyed = TRUE; |
66 |
|
67 |
ssl_proxy_count--; |