Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/0001-CVE-2014-3569.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-CVE-2014-3569.patch | 49 |
1 files changed, 49 insertions, 0 deletions
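--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2014-3569.patch
@@ -0,0 +1,49 @@
+From 6ce9687b5aba5391fc0de50e18779eb676d0e04d Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Tue, 21 Oct 2014 20:45:15 +0200
+Subject: [PATCH] Keep old method in case of an unsupported protocol
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
+the method to NULL. We didn't used to do that, and it breaks things. This is a
+regression introduced in 62f45cc27d07187b59551e4fad3db4e52ea73f2c. Keep the old
+method since the code is not able to deal with a NULL method at this time.
+
+CVE-2014-3569, PR#3571
+
+Upstream-Status: Backport
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+(cherry picked from commit 392fa7a952e97d82eac6958c81ed1e256e6b8ca5)
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ssl/s23_srvr.c | 6 ++++--
+1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
+index 93ca7d5..de909b1 100644
+--- a/ssl/s23_srvr.c
++++ b/ssl/s23_srvr.c
+@@ -602,12 +602,14 @@ int ssl23_get_client_hello(SSL *s)
+if ((type == 2) || (type == 3))
+{
+/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+- s->method = ssl23_get_server_method(s->version);
+- if (s->method == NULL)
++ const SSL_METHOD *new_method;
++ new_method = ssl23_get_server_method(s->version);
++ if (new_method == NULL)
+{
+SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+goto err;
+}
++ s->method = new_method;
+
+if (!ssl_init_wbio_buffer(s,1)) goto err;
+
+--
+1.9.1
+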
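Review bot: The temporary `new_method` in the ssl23_get_client_hello hunk is the entire fix, but nothing at the call site records why the lookup result must not be stored in `s->method` directly, so a later tidy-up could fold the two lines back together and reintroduce the NULL method behind CVE-2014-3569. A one-line comment above the lookup would pin the invariant, for example `/* Use a temporary: s->method must stay non-NULL, the rest of the code cannot handle a NULL method. */`. Because this is a backport that should stay identical to upstream commit 392fa7a952e97d82eac6958c81ed1e256e6b8ca5, the comment is better proposed upstream than edited into this patch file. The function body continues outside the hunk, and the page is limited to this one file, so whether the recipe lists the patch in `SRC_URI` cannot be checked here.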