diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch new file mode 100644 index 0000000000..c4195be7be --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From b4322e1de8be66ff230e26999b766ca1a42f9476 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Dr. Stephen Henson" <steve@openssl.org> | ||
3 | Date: Fri, 16 May 2014 13:00:45 +0100 | ||
4 | Subject: [PATCH 1/2] Fix CVE-2014-0221 | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | Unnecessary recursion when receiving a DTLS hello request can be used to | ||
9 | crash a DTLS client. Fixed by handling DTLS hello request without recursion. | ||
10 | |||
11 | Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. | ||
12 | (cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846) | ||
13 | |||
14 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
15 | --- | ||
16 | ssl/d1_both.c | 4 ++-- | ||
17 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
18 | |||
19 | diff --git a/ssl/d1_both.c b/ssl/d1_both.c | ||
20 | index 2c06fc2..820c8f0 100644 | ||
21 | --- a/ssl/d1_both.c | ||
22 | +++ b/ssl/d1_both.c | ||
23 | @@ -789,6 +789,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | ||
24 | int i,al; | ||
25 | struct hm_header_st msg_hdr; | ||
26 | |||
27 | + redo: | ||
28 | /* see if we have the required fragment already */ | ||
29 | if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) | ||
30 | { | ||
31 | @@ -847,8 +848,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | ||
32 | s->msg_callback_arg); | ||
33 | |||
34 | s->init_num = 0; | ||
35 | - return dtls1_get_message_fragment(s, st1, stn, | ||
36 | - max, ok); | ||
37 | + goto redo; | ||
38 | } | ||
39 | else /* Incorrectly formated Hello request */ | ||
40 | { | ||
41 | -- | ||
42 | 1.7.10.4 | ||
43 | |||