From b850511ab24b1508c1dc181569465e7f0d0f46f4 Mon Sep 17 00:00:00 2001
From: tez <tez@pkgsrc.org>
Date: Wed, 10 Jun 2009 13:57:08 +0000
Subject: Patches for CVE-2009-1377, CVE-2009-1378 & CVE-2009-1379 from
 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.9&v2=1.4.2.10
 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.c&v1=1.2.2.4&v2=1.2.2.5
 http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.h&v1=1.2.2.1&v2=1.2.2.2
 http://cvs.openssl.org/filediff?f=openssl/ssl/d1_pkt.c&v1=1.4.2.17&v2=1.4.2.18

---
 security/openssl/patches/patch-ba | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 security/openssl/patches/patch-ba

(limited to 'security/openssl/patches/patch-ba')

diff --git a/security/openssl/patches/patch-ba b/security/openssl/patches/patch-ba
new file mode 100644
index 00000000000..557e03224ed
--- /dev/null
+++ b/security/openssl/patches/patch-ba
@@ -0,0 +1,17 @@
+$NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $
+
+Part of CVE-2009-1377 fix.
+
+--- ssl/d1_pkt.c.orig	2009-06-08 18:58:13.784215600 -0500
++++ ssl/d1_pkt.c
+@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
+     DTLS1_RECORD_DATA *rdata;
+ 	pitem *item;
+ 
++	/* Limit the size of the queue to prevent DOS attacks */
++	if (pqueue_size(queue->q) >= 100)
++		return 0;
++
+ 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+ 	item = pitem_new(priority, rdata);
+ 	if (rdata == NULL || item == NULL)
-- 
cgit v1.2.3