summaryrefslogtreecommitdiff
path: root/security/openssl/patches/patch-ba
diff options
context:
space:
mode:
Diffstat (limited to 'security/openssl/patches/patch-ba')
-rw-r--r--security/openssl/patches/patch-ba17
1 files changed, 17 insertions, 0 deletions
diff --git a/security/openssl/patches/patch-ba b/security/openssl/patches/patch-ba
new file mode 100644
index 00000000000..557e03224ed
--- /dev/null
+++ b/security/openssl/patches/patch-ba
@@ -0,0 +1,17 @@
+$NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $
+
+Part of CVE-2009-1377 fix.
+
+--- ssl/d1_pkt.c.orig 2009-06-08 18:58:13.784215600 -0500
++++ ssl/d1_pkt.c
+@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
+ DTLS1_RECORD_DATA *rdata;
+ pitem *item;
+
++ /* Limit the size of the queue to prevent DOS attacks */
++ if (pqueue_size(queue->q) >= 100)
++ return 0;
++
+ rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+ item = pitem_new(priority, rdata);
+ if (rdata == NULL || item == NULL)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-17 05:52:45 +0000