Date: Sun, 23 Aug 2009 14:12:01 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r196462 - vendor-crypto/openssl/dist/ssl Message-ID: <200908231412.n7NEC1Fw062845@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: simon Date: Sun Aug 23 14:12:01 2009 New Revision: 196462 URL: http://svn.freebsd.org/changeset/base/196462 Log: Import DTLS fix from upstream OpenSSL 0.9.8 branch: Fix fragment handling memory leak. Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL. Security: CVE-2009-1378 Obtained from: OpenSSL CVS http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15 Modified: vendor-crypto/openssl/dist/ssl/d1_both.c Modified: vendor-crypto/openssl/dist/ssl/d1_both.c ============================================================================== --- vendor-crypto/openssl/dist/ssl/d1_both.c Sun Aug 23 13:58:25 2009 (r196461) +++ vendor-crypto/openssl/dist/ssl/d1_both.c Sun Aug 23 14:12:01 2009 (r196462) @@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s, if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) goto err; - if (msg_hdr->seq <= s->d1->handshake_read_seq) + /* Try to find item in queue, to prevent duplicate entries */ + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, msg_hdr->seq); + item = pqueue_find(s->d1->buffered_messages, seq64); + pq_64bit_free(&seq64); + + /* Discard the message if sequence number was already there, is + * too far in the future or the fragment is already in the queue */ + if (msg_hdr->seq <= s->d1->handshake_read_seq || + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) { unsigned char devnull [256];
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908231412.n7NEC1Fw062845>