Fix OCSP stapling parse error (CVE-2011-0014)
Kurt Roeckx
13 years ago
|
0 |
openssl (0.9.8o-4squeeze1) unstable; urgency=low
|
|
1 |
|
|
2 |
* Fix OCSP stapling parse error (CVE-2011-0014)
|
|
3 |
|
|
4 |
-- Kurt Roeckx <kurt@roeckx.be> Thu, 10 Feb 2011 19:06:09 +0100
|
|
5 |
|
0 | 6 |
openssl (0.9.8o-4) unstable; urgency=low
|
1 | 7 |
|
2 | 8 |
* Fix CVE-2010-4180 (Closes: #529221)
|
|
0 |
--- a/ssl/t1_lib.c 25 Nov 2010 12:28:28 -0000 1.64.2.17
|
|
1 |
+++ b/ssl/t1_lib.c 8 Feb 2011 00:00:00 -0000
|
|
2 |
@@ -917,6 +917,7 @@
|
|
3 |
}
|
|
4 |
n2s(data, idsize);
|
|
5 |
dsize -= 2 + idsize;
|
|
6 |
+ size -= 2 + idsize;
|
|
7 |
if (dsize < 0)
|
|
8 |
{
|
|
9 |
*al = SSL_AD_DECODE_ERROR;
|
|
10 |
@@ -955,9 +956,14 @@
|
|
11 |
}
|
|
12 |
|
|
13 |
/* Read in request_extensions */
|
|
14 |
+ if (size < 2)
|
|
15 |
+ {
|
|
16 |
+ *al = SSL_AD_DECODE_ERROR;
|
|
17 |
+ return 0;
|
|
18 |
+ }
|
|
19 |
n2s(data,dsize);
|
|
20 |
size -= 2;
|
|
21 |
- if (dsize > size)
|
|
22 |
+ if (dsize != size)
|
|
23 |
{
|
|
24 |
*al = SSL_AD_DECODE_ERROR;
|
|
25 |
return 0;
|
|
26 |
|
20 | 20 |
CVE-2010-2939.patch
|
21 | 21 |
CVE-2010-3864.patch
|
22 | 22 |
CVE-2010-4180.patch
|
|
23 |
CVE-2011-0014.patch
|