diff options
| author |   Doug Goldstein <cardoe@gentoo.org> | 2008-05-30 21:30:29 +0000 |
|---|---|---|
| committer | Doug Goldstein <cardoe@gentoo.org> | 2008-05-30 21:30:29 +0000 |
| commit | b013dcb3f0188e4954d9b9a862fbb2ae326bf16e (patch) | |
| tree | dc434be9ae3c9f8ffbe40316b412e755464b2951 /dev-libs/openssl/files | |
| parent | Cleanup. (diff) | |
| download | gentoo-2-b013dcb3f0188e4954d9b9a862fbb2ae326bf16e.tar.gz gentoo-2-b013dcb3f0188e4954d9b9a862fbb2ae326bf16e.tar.bz2 gentoo-2-b013dcb3f0188e4954d9b9a862fbb2ae326bf16e.zip | |
Security fix for CVE-2008-0891 & CVE-2008-1672. bug #223429
(Portage version: 2.1.5.2)
Diffstat (limited to 'dev-libs/openssl/files')
| -rw-r--r-- | dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch | 15 | ||||
| -rw-r--r-- | dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch | 21 |
2 files changed, 36 insertions, 0 deletions
diff --git a/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch b/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch new file mode 100644 index 000000000000..840bfb02ebd5 --- /dev/null +++ b/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch @@ -0,0 +1,15 @@ +Index: ssl/t1_lib.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v +retrieving revision 1.13.2.8 +diff -u -r1.13.2.8 t1_lib.c +--- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000 1.13.2.8 ++++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000 +@@ -381,6 +381,7 @@ + s->session->tlsext_hostname[len]='\0'; + if (strlen(s->session->tlsext_hostname) != len) { + OPENSSL_free(s->session->tlsext_hostname); ++ s->session->tlsext_hostname = NULL; + *al = TLS1_AD_UNRECOGNIZED_NAME; + return 0; + } diff --git a/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch b/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch new file mode 100644 index 000000000000..9aa07e97e631 --- /dev/null +++ b/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch @@ -0,0 +1,21 @@ +Index: ssl/s3_clnt.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v +retrieving revision 1.88.2.12 +diff -u -r1.88.2.12 s3_clnt.c +--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 1.88.2.12 ++++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000 +@@ -2061,6 +2061,13 @@ + { + DH *dh_srvr,*dh_clnt; + ++ if (s->session->sess_cert == NULL) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); ++ goto err; ++ } ++ + if (s->session->sess_cert->peer_dh_tmp != NULL) + dh_srvr=s->session->sess_cert->peer_dh_tmp; + else |