diff options
| author | Mark H Weaver <mhw@netris.org> | 2014-04-21 10:04:17 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2014-04-22 08:55:43 -0400 |
| commit | 0815f8f9a217ddc2bbe1cf74d10d54aafa2d9063 (patch) | |
| tree | 0c5a50f67074f74509a91cd09e968129f5cd11f1 /gnu/packages/patches/openssl-CVE-2010-5298.patch | |
| parent | 6ef3644e3462d4a98323f556eefa92a6765ed437 (diff) | |
| download | guix-patches-0815f8f9a217ddc2bbe1cf74d10d54aafa2d9063.tar guix-patches-0815f8f9a217ddc2bbe1cf74d10d54aafa2d9063.tar.gz | |
gnu: openssl: Fixes for CVE-2010-5298 and extension checking.
* gnu/packages/patches/openssl-CVE-2010-5298.patch: New file.
* gnu/packages/patches/openssl-extension-checking-fixes.patch: New file.
* gnu/packages/openssl.scm (openssl): Add them.
* gnu-system.am (dist_patch_DATA): Add them.
Diffstat (limited to 'gnu/packages/patches/openssl-CVE-2010-5298.patch')
| -rw-r--r-- | gnu/packages/patches/openssl-CVE-2010-5298.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/gnu/packages/patches/openssl-CVE-2010-5298.patch b/gnu/packages/patches/openssl-CVE-2010-5298.patch new file mode 100644 index 0000000000..707a24dff0 --- /dev/null +++ b/gnu/packages/patches/openssl-CVE-2010-5298.patch @@ -0,0 +1,27 @@ +From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001 +From: Kurt Roeckx <kurt@roeckx.be> +Date: Sun, 13 Apr 2014 15:05:30 +0200 +Subject: [PATCH] Don't release the buffer when there still is data in it + +RT: 2167, 3265 +--- + ssl/s3_pkt.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c +index b9e45c7..32e9207 100644 +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; +- if (s->mode & SSL_MODE_RELEASE_BUFFERS) ++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && ++ s->s3->rbuf.left == 0) + ssl3_release_read_buffer(s); + } + } +-- +1.9.1 + |