1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-24 15:50:17 +02:00
openwrt-xburst/package/openssl/patches/900-CVE-2009-1378.patch
kaloz 26862c3e56 update openssl to 0.9.8l -- thanks puchu
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18398 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-11-12 10:39:10 +00:00

25 lines
894 B
Diff

http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Index: openssl/ssl/d1_both.c
===================================================================
--- d1_both.c.orig
+++ d1_both.c
@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
goto err;
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
+ /* Try to find item in queue, to prevent duplicate entries */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pqueue_find(s->d1->buffered_messages, seq64);
+ pq_64bit_free(&seq64);
+
+ /* Discard the message if sequence number was already there, is
+ * too far in the future or the fragment is already in the queue */
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
{
unsigned char devnull [256];