Diffstat (limited to 'openssl0.9.8/patches/CVE-2010-3864.patch')
-rw-r--r--openssl0.9.8/patches/CVE-2010-3864.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2010-3864.patch b/openssl0.9.8/patches/CVE-2010-3864.patch
new file mode 100644
index 0000000..c2b2f7b
--- /dev/null
+++ b/openssl0.9.8/patches/CVE-2010-3864.patch
@@ -0,0 +1,45 @@
+Index: ssl/t1_lib.c
+===================================================================
+RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
+retrieving revision 1.13.2.27
+diff -u -r1.13.2.27 t1_lib.c
+--- openssl/ssl/t1_lib.c 12 Jun 2010 13:18:58 -0000 1.13.2.27
++++ openssl/ssl/t1_lib.c 3 Nov 2010 23:44:54 -0000
+@@ -432,14 +432,23 @@
+ switch (servname_type)
+ {
+ case TLSEXT_NAMETYPE_host_name:
+- if (s->session->tlsext_hostname == NULL)
++ if (!s->hit)
+ {
+- if (len > TLSEXT_MAXLEN_host_name ||
+- ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
++ if(s->session->tlsext_hostname)
++ {
++ *al = SSL_AD_DECODE_ERROR;
++ return 0;
++ }
++ if (len > TLSEXT_MAXLEN_host_name)
+ {
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
++ if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
++ {
++ *al = TLS1_AD_INTERNAL_ERROR;
++ return 0;
++ }
+ memcpy(s->session->tlsext_hostname, sdata, len);
+ s->session->tlsext_hostname[len]='\0';
+ if (strlen(s->session->tlsext_hostname) != len) {
+@@ -452,7 +461,8 @@
+
+ }
+ else
+- s->servername_done = strlen(s->session->tlsext_hostname) == len
++ s->servername_done = s->session->tlsext_hostname
++ && strlen(s->session->tlsext_hostname) == len
+ && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
+
+ break;
+
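Review bot: The new patch file opens directly at `Index: ssl/t1_lib.c` with no header recording where the fix came from or what it changes. The diffstat also shows this as the only file touched, so from this commit alone it is not visible that the package build applies the patch; please confirm the recipe or series file picks it up. I would add a few free-text lines above `Index:`, which patch(1) skips, for example `CVE-2010-3864: store the SNI host name only when !s->hit; reject a second host_name entry with SSL_AD_DECODE_ERROR` and `Origin: <upstream advisory or commit URL>`. The header should also record that on a resumed session the received name is now only compared against `s->session->tlsext_hostname`, behind a NULL guard, and never written. That is the property a later rebase of this patch must not lose.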