Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Ports
compat-openssl098
openssl-CVE-2016-6306.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2016-6306.patch of Package compat-openssl098
commit 52e623c4cb06fffa9d5e75c60b34b4bc130b12e9 Author: Dr. Stephen Henson <steve@openssl.org> Date: Sat Sep 17 12:36:58 2016 +0100 Fix small OOB reads. In ssl3_get_client_certificate, ssl3_get_server_certificate and ssl3_get_certificate_request check we have enough room before reading a length. Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs. CVE-2016-6306 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit ff553f837172ecb2b5c8eca257ec3c5619a4b299) Index: openssl-0.9.8j/ssl/s3_clnt.c =================================================================== --- openssl-0.9.8j.orig/ssl/s3_clnt.c 2016-09-22 17:56:42.279971983 +0200 +++ openssl-0.9.8j/ssl/s3_clnt.c 2016-09-22 17:56:57.764218923 +0200 @@ -940,6 +940,12 @@ int ssl3_get_server_certificate(SSL *s) } for (nc=0; nc<llen; ) { + if (nc + 3 > llen) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } n2l3(p,l); if ((l+nc+3) > llen) { @@ -1634,6 +1640,11 @@ fclose(out); for (nc=0; nc<llen; ) { + if (nc + 2 > llen) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); + goto err; + } n2s(p,l); if ((l+nc+2) > llen) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor