From 26862c3e56fe9164f7a7a45305d99965145b975e Mon Sep 17 00:00:00 2001
From: kaloz <kaloz@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Thu, 12 Nov 2009 10:39:10 +0000
Subject: update openssl to 0.9.8l -- thanks puchu

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18398 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/openssl/patches/900-CVE-2009-1377.patch | 53 +++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 package/openssl/patches/900-CVE-2009-1377.patch

(limited to 'package/openssl/patches/900-CVE-2009-1377.patch')

diff --git a/package/openssl/patches/900-CVE-2009-1377.patch b/package/openssl/patches/900-CVE-2009-1377.patch
new file mode 100644
index 000000000..cc5a19fb4
--- /dev/null
+++ b/package/openssl/patches/900-CVE-2009-1377.patch
@@ -0,0 +1,53 @@
+http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
+
+Index: openssl/crypto/pqueue/pqueue.c
+RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
+rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
+--- pqueue.c	2005/06/28 12:53:33	1.2.2.4
++++ pqueue.c	2009/05/16 16:18:44	1.2.2.5
+@@ -234,3 +234,17 @@
+ 
+ 	return ret;
+ 	}
++
++int
++pqueue_size(pqueue_s *pq)
++{
++	pitem *item = pq->items;
++	int count = 0;
++	
++	while(item != NULL)
++	{
++		count++;
++		item = item->next;
++	}
++	return count;
++}
+Index: openssl/crypto/pqueue/pqueue.h
+RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
+rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
+--- pqueue.h	2005/05/30 22:34:27	1.2.2.1
++++ pqueue.h	2009/05/16 16:18:44	1.2.2.2
+@@ -91,5 +91,6 @@
+ pitem *pqueue_next(piterator *iter);
+ 
+ void   pqueue_print(pqueue pq);
++int    pqueue_size(pqueue pq);
+ 
+ #endif /* ! HEADER_PQUEUE_H */
+Index: openssl/ssl/d1_pkt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
+rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
+--- d1_pkt.c	2009/05/16 15:51:59	1.4.2.17
++++ d1_pkt.c	2009/05/16 16:18:45	1.4.2.18
+@@ -167,6 +167,10 @@
+     DTLS1_RECORD_DATA *rdata;
+ 	pitem *item;
+ 
++	/* Limit the size of the queue to prevent DOS attacks */
++	if (pqueue_size(queue->q) >= 100)
++		return 0;
++		
+ 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+ 	item = pitem_new(priority, rdata);
+ 	if (rdata == NULL || item == NULL)
-- 
cgit v1.2.3