openwrt-xburst/package/openssl/patches/900-CVE-2009-1387.patch

http://bugs.gentoo.org/270305

fix from upstream

--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -585,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s,
 			}
 		}
 
-	frag = dtls1_hm_fragment_new(frag_len);
-	if ( frag == NULL)
-		goto err;
+	if (frag_len)
+	{
+		frag = dtls1_hm_fragment_new(frag_len);
+		if ( frag == NULL)
+			goto err;
 
-	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
 
-	if (frag_len)
-		{
-		/* read the body of the fragment (header has already been read */
+		/* read the body of the fragment (header has already been read) */
 		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 			frag->fragment,frag_len,0);
 		if (i<=0 || (unsigned long)i!=frag_len)
 			goto err;
-		}
 
-	pq_64bit_init(&seq64);
-	pq_64bit_assign_word(&seq64, msg_hdr->seq);
+		pq_64bit_init(&seq64);
+		pq_64bit_assign_word(&seq64, msg_hdr->seq);
 
-	item = pitem_new(seq64, frag);
-	pq_64bit_free(&seq64);
-	if ( item == NULL)
-		goto err;
+		item = pitem_new(seq64, frag);
+		pq_64bit_free(&seq64);
+		if ( item == NULL)
+			goto err;
+
+		pqueue_insert(s->d1->buffered_messages, item);
+	}
 
-	pqueue_insert(s->d1->buffered_messages, item);
 	return DTLS1_HM_FRAGMENT_RETRY;
 
 err:
openssl: add fixes for CVE-2009-1387 and CVE-2009-2409 (thx, puchu) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19369 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-01-28 21:27:57 +02:00			`http://bugs.gentoo.org/270305`

			`fix from upstream`

			`--- a/ssl/d1_both.c`
			`+++ b/ssl/d1_both.c`
			`@@ -585,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s,`
			`}`
			`}`

			`- frag = dtls1_hm_fragment_new(frag_len);`
			`- if ( frag == NULL)`
			`- goto err;`
			`+ if (frag_len)`
			`+ {`
			`+ frag = dtls1_hm_fragment_new(frag_len);`
			`+ if ( frag == NULL)`
			`+ goto err;`

			`- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));`
			`+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));`

			`- if (frag_len)`
			`- {`
			`- /* read the body of the fragment (header has already been read */`
			`+ /* read the body of the fragment (header has already been read) */`
			`i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,`
			`frag->fragment,frag_len,0);`
			`if (i<=0 \|\| (unsigned long)i!=frag_len)`
			`goto err;`
			`- }`

			`- pq_64bit_init(&seq64);`
			`- pq_64bit_assign_word(&seq64, msg_hdr->seq);`
			`+ pq_64bit_init(&seq64);`
			`+ pq_64bit_assign_word(&seq64, msg_hdr->seq);`

			`- item = pitem_new(seq64, frag);`
			`- pq_64bit_free(&seq64);`
			`- if ( item == NULL)`
			`- goto err;`
			`+ item = pitem_new(seq64, frag);`
			`+ pq_64bit_free(&seq64);`
			`+ if ( item == NULL)`
			`+ goto err;`
			`+`
			`+ pqueue_insert(s->d1->buffered_messages, item);`
			`+ }`

			`- pqueue_insert(s->d1->buffered_messages, item);`
			`return DTLS1_HM_FRAGMENT_RETRY;`

			`err:`