Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
compat-openssl098.27677
prevent_buffer_overread.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File prevent_buffer_overread.patch of Package compat-openssl098.27677
Index: openssl-0.9.8j/ssl/d1_both.c =================================================================== --- openssl-0.9.8j.orig/ssl/d1_both.c +++ openssl-0.9.8j/ssl/d1_both.c @@ -449,7 +449,7 @@ f_err: } -static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) +static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,long max) { size_t frag_off,frag_len,msg_len; @@ -552,7 +552,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, static int -dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) +dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok, long max) { int i=-1; hm_fragment *frag = NULL; @@ -560,7 +560,7 @@ dtls1_process_out_of_seq_message(SSL *s, PQ_64BIT seq64; unsigned long frag_len = msg_hdr->frag_len; - if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) + if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len || (msg_hdr->frag_off+frag_len) > (unsigned long)max) goto err; /* Try to find item in queue, to prevent duplicate entries */ @@ -656,7 +656,7 @@ dtls1_get_message_fragment(SSL *s, int s * (or dropped)--no further processing at this time */ if ( msg_hdr.seq != s->d1->handshake_read_seq) - return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); + return dtls1_process_out_of_seq_message(s, &msg_hdr, ok, max); l = msg_hdr.msg_len; frag_off = msg_hdr.frag_off;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor