Patches for CVE-2009-1377, CVE-2009-1378 & CVE-2009-1379 from

http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.9&v2=1.4.2.10 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.c&v1=1.2.2.4&v2=1.2.2.5 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.h&v1=1.2.2.1&v2=1.2.2.2 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_pkt.c&v1=1.4.2.17&v2=1.4.2.18
author: tez <tez@pkgsrc.org> 2009-06-10 13:57:08 +0000
committer: tez <tez@pkgsrc.org> 2009-06-10 13:57:08 +0000
commit: b850511ab24b1508c1dc181569465e7f0d0f46f4 (patch)
tree: 1a4954ebdc26070a26f4106571768edef1850c18 /security/openssl/patches/patch-ba
parent: 43b8fdf2cf4a05ff341fc0eb624f507e6b0bbb36 (diff)
download: pkgsrc-b850511ab24b1508c1dc181569465e7f0d0f46f4.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/security/openssl/patches/patch-ba b/security/openssl/patches/patch-ba
new file mode 100644
index 00000000000..557e03224ed
--- /dev/null
+++ b/security/openssl/patches/patch-ba
@@ -0,0 +1,17 @@
+$NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $
+
+Part of CVE-2009-1377 fix.
+
+--- ssl/d1_pkt.c.orig	2009-06-08 18:58:13.784215600 -0500
++++ ssl/d1_pkt.c
+@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
+     DTLS1_RECORD_DATA *rdata;
+ 	pitem *item;
+ 
++	/* Limit the size of the queue to prevent DOS attacks */
++	if (pqueue_size(queue->q) >= 100)
++		return 0;
++
+ 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+ 	item = pitem_new(priority, rdata);
+ 	if (rdata == NULL || item == NULL)
author	tez <tez@pkgsrc.org>	2009-06-10 13:57:08 +0000
committer	tez <tez@pkgsrc.org>	2009-06-10 13:57:08 +0000
commit	b850511ab24b1508c1dc181569465e7f0d0f46f4 (patch)
tree	1a4954ebdc26070a26f4106571768edef1850c18 /security/openssl/patches/patch-ba
parent	43b8fdf2cf4a05ff341fc0eb624f507e6b0bbb36 (diff)
download	pkgsrc-b850511ab24b1508c1dc181569465e7f0d0f46f4.tar.gz