
From: "Mike Frysinger (vapier)" <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/openssl/files: openssl-0.9.8l-CVE-2009-1377.patch openssl-0.9.8l-CVE-2009-1378.patch openssl-0.9.8l-CVE-2009-1379.patch
Date: Thu, 05 Nov 2009 20:08:50
Message-Id: E1N68dU-0006Fg-Mr@stork.gentoo.org
1 vapier 09/11/05 20:08:48
2
3 Added: openssl-0.9.8l-CVE-2009-1377.patch
4 openssl-0.9.8l-CVE-2009-1378.patch
5 openssl-0.9.8l-CVE-2009-1379.patch
6 Log:
7 Add some patches from upstream #270305.
8 (Portage version: 2.2_rc46/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.1 dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
12
13 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch?rev=1.1&content-type=text/plain
15
16 Index: openssl-0.9.8l-CVE-2009-1377.patch
17 ===================================================================
18 http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
19
20 Index: openssl/crypto/pqueue/pqueue.c
21 RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
22 rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
23 --- crypto/pqueue/pqueue.c 2005/06/28 12:53:33 1.2.2.4
24 +++ crypto/pqueue/pqueue.c 2009/05/16 16:18:44 1.2.2.5
25 @@ -234,3 +234,17 @@
26
27 return ret;
28 }
29 +
30 +int
31 +pqueue_size(pqueue_s *pq)
32 +{
33 + pitem *item = pq->items;
34 + int count = 0;
35 +
36 + while(item != NULL)
37 + {
38 + count++;
39 + item = item->next;
40 + }
41 + return count;
42 +}
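Review bot: The new `pqueue_size` definition takes `pqueue_s *pq`, while the prototype added to pqueue.h in the next section is written `int pqueue_size(pqueue pq);`. The two agree only if `pqueue` is a typedef for `pqueue_s *`, which this page does not show, so that should be confirmed against the header. The function also walks the whole list on every call and dereferences `pq` without a NULL check, so a comment above it such as `/* Returns the number of queued items; O(n) walk, pq must not be NULL */` would state the contract. Because the d1_pkt.c change calls it for every record it buffers, the cost of the walk is bounded only by the cap applied there.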
43 Index: openssl/crypto/pqueue/pqueue.h
44 RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
45 rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
46 --- crypto/pqueue/pqueue.h 2005/05/30 22:34:27 1.2.2.1
47 +++ crypto/pqueue/pqueue.h 2009/05/16 16:18:44 1.2.2.2
48 @@ -91,5 +91,6 @@
49 pitem *pqueue_next(piterator *iter);
50
51 void pqueue_print(pqueue pq);
52 +int pqueue_size(pqueue pq);
53
54 #endif /* ! HEADER_PQUEUE_H */
55 Index: openssl/ssl/d1_pkt.c
56 RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
57 rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
58 --- ssl/d1_pkt.c 2009/05/16 15:51:59 1.4.2.17
59 +++ ssl/d1_pkt.c 2009/05/16 16:18:45 1.4.2.18
60 @@ -167,6 +167,10 @@
61 DTLS1_RECORD_DATA *rdata;
62 pitem *item;
63
64 + /* Limit the size of the queue to prevent DOS attacks */
65 + if (pqueue_size(queue->q) >= 100)
66 + return 0;
67 +
68 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
69 item = pitem_new(priority, rdata);
70 if (rdata == NULL || item == NULL)
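Review bot: The cap in `if (pqueue_size(queue->q) >= 100)` is a bare literal, and so is the `+ 10` window in the CVE-2009-1378 d1_both.c hunk further down. A named constant with a comment saying what the limit bounds would make both easier to audit and tune, e.g. `#define DTLS1_MAX_BUFFERED_RECORDS 100` (a name proposed here, not one from the patch). The limit counts records rather than bytes, so the memory actually bounded depends on the per-record size, which the hunk does not show. The early `return 0` drops the record silently, and the function's other return values are outside the hunk, so it should be confirmed that callers cannot mistake a full queue for an allocation failure or for success.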
71
72
73
74 1.1 dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
75
76 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch?rev=1.1&view=markup
77 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch?rev=1.1&content-type=text/plain
78
79 Index: openssl-0.9.8l-CVE-2009-1378.patch
80 ===================================================================
81 http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
82
83 Index: ssl/d1_both.c
84 ===================================================================
85 --- ssl/d1_both.c.orig
86 +++ ssl/d1_both.c
87 @@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
88 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
89 goto err;
90
91 - if (msg_hdr->seq <= s->d1->handshake_read_seq)
92 + /* Try to find item in queue, to prevent duplicate entries */
93 + pq_64bit_init(&seq64);
94 + pq_64bit_assign_word(&seq64, msg_hdr->seq);
95 + item = pqueue_find(s->d1->buffered_messages, seq64);
96 + pq_64bit_free(&seq64);
97 +
98 + /* Discard the message if sequence number was already there, is
99 + * too far in the future or the fragment is already in the queue */
100 + if (msg_hdr->seq <= s->d1->handshake_read_seq ||
101 + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
102 {
103 unsigned char devnull [256];
104
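Review bot: The queue lookup (`pq_64bit_init` through `pq_64bit_free`) runs for every out-of-sequence message before the two cheap range comparisons, so a message already known to be stale or beyond the window still pays for a `pqueue_find`. Testing `msg_hdr->seq <= s->d1->handshake_read_seq || msg_hdr->seq > s->d1->handshake_read_seq + 10` first, and searching the queue only for in-window sequence numbers, would keep the discard path cheap on a code path that exists to limit resource use. That reordering relies on `item` being NULL when the lookup is skipped; its declaration and that of `seq64` lie outside the hunk, so this needs checking against the full function.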
105
106
107
108 1.1 dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
109
110 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch?rev=1.1&view=markup
111 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch?rev=1.1&content-type=text/plain
112
113 Index: openssl-0.9.8l-CVE-2009-1379.patch
114 ===================================================================
115 Index: openssl/ssl/d1_both.c
116 RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
117 rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
118 --- d1_both.c 2009/04/22 12:17:02 1.14.2.6
119 +++ d1_both.c 2009/05/13 11:51:30 1.14.2.7
120 @@ -519,6 +519,7 @@
121
122 if ( s->d1->handshake_read_seq == frag->msg_header.seq)
123 {
124 + unsigned long frag_len = frag->msg_header.frag_len;
125 pqueue_pop(s->d1->buffered_messages);
126
127 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
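Review bot: Nothing in the new code says why `frag_len` is copied into a local, so a later clean-up could easily turn `return frag_len;` back into `return frag->msg_header.frag_len;`. The lines between the two hunks are not shown, but the copy only makes sense if `frag` is released before the return in the second hunk (`@@ -536,7 +537,7 @@`). A comment on the declaration such as `/* save before frag is freed below */` would record that. It is also worth checking that no other read of `frag` remains after the release point, since only the return statement is changed here.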
128 @@ -536,7 +537,7 @@
129 if (al==0)
130 {
131 *ok = 1;
132 - return frag->msg_header.frag_len;
133 + return frag_len;
134 }
135
136 ssl3_send_alert(s,SSL3_AL_FATAL,al);