Diffstat (limited to 'openssl0.9.8/patches/CVE-2012-2333.patch')
-rw-r--r-- | openssl0.9.8/patches/CVE-2012-2333.patch | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2012-2333.patch b/openssl0.9.8/patches/CVE-2012-2333.patch
new file mode 100644
index 0000000..2476ee3
--- /dev/null
+++ b/openssl0.9.8/patches/CVE-2012-2333.patch
@@ -0,0 +1,13 @@
+Index: openssl-0.9.8o/ssl/d1_enc.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/d1_enc.c
++++ openssl-0.9.8o/ssl/d1_enc.c
+@@ -257,7 +257,7 @@ int dtls1_enc(SSL *s, int send)
+ }
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
++ if (i + bs > (int)rec->length)
+ {
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is |
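Review bot: The `+ bs` term in the new condition `if (i + bs > (int)rec->length)` is not explained anywhere: the context comment above it still speaks only of padding bytes, and the patch file starts at `Index:` with no description or origin header. I would add a comment at the check such as `/* also require room for the bs bytes removed after the padding, so rec->length cannot underflow */`, on the assumption that bs is the block-size (explicit IV) length that dtls1_enc strips later, which the hunk does not show. A short header in the patch naming the upstream change it was taken from would let the backport be compared against that fix. dtls1_enc begins and ends outside the hunk, so whether other length subtractions in it need the same guard cannot be judged from here.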