diff options
author | tez <tez@pkgsrc.org> | 2009-06-10 13:57:08 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2009-06-10 13:57:08 +0000 |
commit | b850511ab24b1508c1dc181569465e7f0d0f46f4 (patch) | |
tree | 1a4954ebdc26070a26f4106571768edef1850c18 /security/openssl/patches/patch-ba | |
parent | 43b8fdf2cf4a05ff341fc0eb624f507e6b0bbb36 (diff) | |
download | pkgsrc-b850511ab24b1508c1dc181569465e7f0d0f46f4.tar.gz |
Patches for CVE-2009-1377, CVE-2009-1378 & CVE-2009-1379 from
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.9&v2=1.4.2.10
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.c&v1=1.2.2.4&v2=1.2.2.5
http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.h&v1=1.2.2.1&v2=1.2.2.2
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_pkt.c&v1=1.4.2.17&v2=1.4.2.18
Diffstat (limited to 'security/openssl/patches/patch-ba')
-rw-r--r-- | security/openssl/patches/patch-ba | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/security/openssl/patches/patch-ba b/security/openssl/patches/patch-ba new file mode 100644 index 00000000000..557e03224ed --- /dev/null +++ b/security/openssl/patches/patch-ba @@ -0,0 +1,17 @@ +$NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $ + +Part of CVE-2009-1377 fix. + +--- ssl/d1_pkt.c.orig 2009-06-08 18:58:13.784215600 -0500 ++++ ssl/d1_pkt.c +@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu + DTLS1_RECORD_DATA *rdata; + pitem *item; + ++ /* Limit the size of the queue to prevent DOS attacks */ ++ if (pqueue_size(queue->q) >= 100) ++ return 0; ++ + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); + item = pitem_new(priority, rdata); + if (rdata == NULL || item == NULL) |