1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
new file mode 100644
index 0000000000..c4195be7be
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
@@ -0,0 +1,43 @@
+From b4322e1de8be66ff230e26999b766ca1a42f9476 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 16 May 2014 13:00:45 +0100
+Subject: [PATCH 1/2] Fix CVE-2014-0221
+Upstream-Status: Backport
+Unnecessary recursion when receiving a DTLS hello request can be used to
+crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/d1_both.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2c06fc2..820c8f0 100644
+--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
+@@ -789,6 +789,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+        int i,al;
+        struct hm_header_st msg_hdr;
+ 
+       redo:
+        /* see if we have the required fragment already */
+        if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+                {
+@@ -847,8 +848,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+                                        s->msg_callback_arg);
+                        
+                        s->init_num = 0;
+-                       return dtls1_get_message_fragment(s, st1, stn,
+-                               max, ok);
+                       goto redo;
+                        }
+                else /* Incorrectly formated Hello request */
+                        {
+-- 
+1.7.10.4

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch new file mode 100644 index 0000000000..c4195be7be --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
@@ -0,0 +1,43 @@
	1	From b4322e1de8be66ff230e26999b766ca1a42f9476 Mon Sep 17 00:00:00 2001
	2	From: "Dr. Stephen Henson" <steve@openssl.org>
	3	Date: Fri, 16 May 2014 13:00:45 +0100
	4	Subject: [PATCH 1/2] Fix CVE-2014-0221
	5
	6	Upstream-Status: Backport
	7
	8	Unnecessary recursion when receiving a DTLS hello request can be used to
	9	crash a DTLS client. Fixed by handling DTLS hello request without recursion.
	10
	11	Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
	12	(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
	13
	14	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	15	---
	16	ssl/d1_both.c \| 4 ++--
	17	1 file changed, 2 insertions(+), 2 deletions(-)
	18
	19	diff --git a/ssl/d1_both.c b/ssl/d1_both.c
	20	index 2c06fc2..820c8f0 100644
	21	--- a/ssl/d1_both.c
	22	+++ b/ssl/d1_both.c
	23	@@ -789,6 +789,7 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
	24	int i,al;
	25	struct hm_header_st msg_hdr;
	26
	27	+ redo:
	28	/* see if we have the required fragment already */
	29	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) \|\| *ok)
	30	{
	31	@@ -847,8 +848,7 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
	32	s->msg_callback_arg);
	33
	34	s->init_num = 0;
	35	- return dtls1_get_message_fragment(s, st1, stn,
	36	- max, ok);
	37	+ goto redo;
	38	}
	39	else /* Incorrectly formated Hello request */
	40	{
	41	--
	42	1.7.10.4
	43