Date: Sun, 23 Aug 2009 14:15:28 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r196463 - vendor-crypto/openssl/dist/ssl Message-ID: <200908231415.n7NEFSwr062942@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: simon Date: Sun Aug 23 14:15:28 2009 New Revision: 196463 URL: http://svn.freebsd.org/changeset/base/196463 Log: Import DTLS fix from upstream OpenSSL 0.9.8 branch: Do not access freed data structure. Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL. Security: CVE-2009-1379 Obtained from: OpenSSL CVS http://cvs.openssl.org/chngview?cn=18156 Modified: vendor-crypto/openssl/dist/ssl/d1_both.c Modified: vendor-crypto/openssl/dist/ssl/d1_both.c ============================================================================== --- vendor-crypto/openssl/dist/ssl/d1_both.c Sun Aug 23 14:12:01 2009 (r196462) +++ vendor-crypto/openssl/dist/ssl/d1_both.c Sun Aug 23 14:15:28 2009 (r196463) @@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, if ( s->d1->handshake_read_seq == frag->msg_header.seq) { + unsigned long frag_len = frag->msg_header.frag_len; pqueue_pop(s->d1->buffered_messages); al=dtls1_preprocess_fragment(s,&frag->msg_header,max); @@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, if (al==0) { *ok = 1; - return frag->msg_header.frag_len; + return frag_len; } ssl3_send_alert(s,SSL3_AL_FATAL,al);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908231415.n7NEFSwr062942>