1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch
new file mode 100644
index 0000000000..bf730a8124
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch
@@ -0,0 +1,38 @@
+commit d30e582446b027868cdabd0994681643682045a4
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Fri May 16 13:00:45 2014 +0100
+    Fix CVE-2014-0221
+    
+    Unnecessary recursion when receiving a DTLS hello request can be used to
+    crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+    
+    Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 07f67f8..4c2fd03 100644
+--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
+@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+        int i,al;
+        struct hm_header_st msg_hdr;
+ 
+       redo:
+        /* see if we have the required fragment already */
+        if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+                {
+@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+                                        s->msg_callback_arg);
+                        
+                        s->init_num = 0;
+-                       return dtls1_get_message_fragment(s, st1, stn,
+-                               max, ok);
+                       goto redo;
+                        }
+                else /* Incorrectly formated Hello request */
+                        {

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch new file mode 100644 index 0000000000..bf730a8124 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch
@@ -0,0 +1,38 @@
	1	commit d30e582446b027868cdabd0994681643682045a4
	2	Author: Dr. Stephen Henson <steve@openssl.org>
	3	Date: Fri May 16 13:00:45 2014 +0100
	4
	5	Fix CVE-2014-0221
	6
	7	Unnecessary recursion when receiving a DTLS hello request can be used to
	8	crash a DTLS client. Fixed by handling DTLS hello request without recursion.
	9
	10	Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
	11
	12	Patch borrowed from Fedora
	13	Upstream-Status: Backport
	14	Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
	15
	16	diff --git a/ssl/d1_both.c b/ssl/d1_both.c
	17	index 07f67f8..4c2fd03 100644
	18	--- a/ssl/d1_both.c
	19	+++ b/ssl/d1_both.c
	20	@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
	21	int i,al;
	22	struct hm_header_st msg_hdr;
	23
	24	+ redo:
	25	/* see if we have the required fragment already */
	26	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) \|\| *ok)
	27	{
	28	@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
	29	s->msg_callback_arg);
	30
	31	s->init_num = 0;
	32	- return dtls1_get_message_fragment(s, st1, stn,
	33	- max, ok);
	34	+ goto redo;
	35	}
	36	else /* Incorrectly formated Hello request */
	37	{
	38