summaryrefslogtreecommitdiff
path: root/openssl0.9.8/patches/CVE-2012-2333.patch
diff options
context:
space:
mode:
Diffstat (limited to 'openssl0.9.8/patches/CVE-2012-2333.patch')
-rw-r--r--openssl0.9.8/patches/CVE-2012-2333.patch13
1 files changed, 13 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2012-2333.patch b/openssl0.9.8/patches/CVE-2012-2333.patch
new file mode 100644
index 0000000..2476ee3
--- /dev/null
+++ b/openssl0.9.8/patches/CVE-2012-2333.patch
@@ -0,0 +1,13 @@
+Index: openssl-0.9.8o/ssl/d1_enc.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/d1_enc.c
++++ openssl-0.9.8o/ssl/d1_enc.c
+@@ -257,7 +257,7 @@ int dtls1_enc(SSL *s, int send)
+ }
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
++ if (i + bs > (int)rec->length)
+ {
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-16 02:03:04 +0000