summaryrefslogtreecommitdiff
path: root/openssl0.9.8/patches/CVE-2011-4109.patch
diff options
context:
space:
mode:
authorIgor Pashev <igor.pashev@nexenta.com>2012-10-26 17:19:15 +0400
committerIgor Pashev <igor.pashev@nexenta.com>2012-10-26 17:19:15 +0400
commita5fa80e2a069e35331af10369d810b4daa63635b (patch)
treecde72d630e4066581f9818b3a506b6433e343923 /openssl0.9.8/patches/CVE-2011-4109.patch
parenta66434a8c8bc288d863e0f649e8e465ac4525043 (diff)
downloadcibs-pkgs-a5fa80e2a069e35331af10369d810b4daa63635b.tar.gz
openssl 0.9.8 mostly done
Diffstat (limited to 'openssl0.9.8/patches/CVE-2011-4109.patch')
-rw-r--r--openssl0.9.8/patches/CVE-2011-4109.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2011-4109.patch b/openssl0.9.8/patches/CVE-2011-4109.patch
new file mode 100644
index 0000000..b602938
--- /dev/null
+++ b/openssl0.9.8/patches/CVE-2011-4109.patch
@@ -0,0 +1,60 @@
+diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c
+index f28796e..acd2ede 100644
+--- a/crypto/x509v3/pcy_map.c
++++ b/crypto/x509v3/pcy_map.c
+@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF * const *a,
+
+ static void policy_map_free(X509_POLICY_REF *map)
+ {
+- if (map->subjectDomainPolicy)
+- ASN1_OBJECT_free(map->subjectDomainPolicy);
+ OPENSSL_free(map);
+ }
+
+@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+ {
+ POLICY_MAPPING *map;
+ X509_POLICY_REF *ref = NULL;
++ ASN1_OBJECT *subjectDomainPolicyRef;
+ X509_POLICY_DATA *data;
+ X509_POLICY_CACHE *cache = x->policy_cache;
+ int i;
+@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+ if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+ map->subjectDomainPolicy))
+ goto bad_mapping;
++ /* map->subjectDomainPolicy will be freed when
++ * cache->data is freed. Set it to NULL to avoid double-free. */
++ subjectDomainPolicyRef = map->subjectDomainPolicy;
++ map->subjectDomainPolicy = NULL;
+
+ ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
+ if (!ref)
+ goto bad_mapping;
+
+- ref->subjectDomainPolicy = map->subjectDomainPolicy;
+- map->subjectDomainPolicy = NULL;
++ ref->subjectDomainPolicy = subjectDomainPolicyRef;
+ ref->data = data;
+
+ if (!sk_X509_POLICY_REF_push(cache->maps, ref))
+diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
+index 89f84bf..92ad0a2 100644
+--- a/crypto/x509v3/pcy_tree.c
++++ b/crypto/x509v3/pcy_tree.c
+@@ -612,6 +612,10 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ case 2:
+ return 1;
+
++ /* Some internal error */
++ case -1:
++ return -1;
++
+ /* Some internal error */
+ case 0:
+ return 0;
+@@ -691,4 +695,3 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ return 0;
+
+ }
+-
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-21 20:28:32 +0000