[mingw32-openssl/f14/master] CVE-2011-0014 openssl: OCSP stapling vulnerability fix for https://bugzilla.redhat.com/show_bug.cgi?
Kalev Lember
kalev at fedoraproject.org
Sat Apr 23 12:25:45 UTC 2011
commit 61bb211b9a3cfa498e93f7627fe3a04429851683
Author: Kai Tietz <ktietz at redhat.com>
Date: Fri Mar 4 11:03:42 2011 +0100
CVE-2011-0014 openssl: OCSP stapling vulnerability fix for
https://bugzilla.redhat.com/show_bug.cgi?id=676070
mingw32-openssl.spec | 7 ++++++-
openssl-1.0.0a-sslt1lib.patch | 28 ++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 1 deletions(-)
---
diff --git a/mingw32-openssl.spec b/mingw32-openssl.spec
index 139f6bf..3dc268d 100644
--- a/mingw32-openssl.spec
+++ b/mingw32-openssl.spec
@@ -29,7 +29,7 @@
Name: mingw32-openssl
Version: 1.0.0a
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MinGW port of the OpenSSL toolkit
License: OpenSSL
@@ -59,6 +59,7 @@ Patch7: openssl-1.0.0-timezone.patch
# Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-0.9.8j-bad-mime.patch
+Patch25: openssl-1.0.0a-sslt1lib.patch
# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch
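Review bot: `Patch25: openssl-1.0.0a-sslt1lib.patch` is named after the file it touches, so nothing in the spec's patch list identifies it as the CVE-2011-0014 fix. A one-line comment above the `Patch25` entry naming the CVE and the bug from the commit message (id=676070) would make it clear on a later rebase when the patch can be dropped.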
@@ -157,6 +158,7 @@ Static version of the MinGW port of the OpenSSL toolkit.
%patch23 -p1 -b .default-paths
%patch24 -p1 -b .bad-mime
+%patch25 -p1 -b .sslt1lib
%patch32 -p1 -b .ia64
#patch33 is applied after make test
@@ -343,6 +345,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri Mar 04 2011 Kai Tietz <ktietz at redhat.com> - 1.0.0a-2
+- Fixes for CVE-2011-0014 openssl: OCSP stapling vulnerability
+
* Sat Jun 19 2010 Kalev Lember <kalev at smartlink.ee> - 1.0.0a-1
- Updated to openssl 1.0.0a
- Synced patches with Fedora native openssl-1.0.0a-1
diff --git a/openssl-1.0.0a-sslt1lib.patch b/openssl-1.0.0a-sslt1lib.patch
new file mode 100644
index 0000000..2e7d2ff
--- /dev/null
+++ b/openssl-1.0.0a-sslt1lib.patch
@@ -0,0 +1,28 @@
+--- openssl-1.0.0a/ssl/t1_lib.c 25 Nov 2010 12:28:28 -0000 1.64.2.17
++++ openssl-1.0.0a/ssl/t1_lib.c 8 Feb 2011 00:00:00 -0000
+@@ -917,6 +917,7 @@
+ }
+ n2s(data, idsize);
+ dsize -= 2 + idsize;
++ size -= 2 + idsize;
+ if (dsize < 0)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+@@ -955,9 +956,14 @@
+ }
+
+ /* Read in request_extensions */
++ if (size < 2)
++ {
++ *al = SSL_AD_DECODE_ERROR;
++ return 0;
++ }
+ n2s(data,dsize);
+ size -= 2;
+- if (dsize > size)
++ if (dsize != size)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+
+
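Review bot: In the first inner hunk the added `size -= 2 + idsize` is followed only by the existing `dsize < 0` check, so nothing in the visible lines bounds `size` itself, and the later `if (size < 2)` guard is only meaningful if `size` cannot wrap or go negative inside the responder ID loop. The declaration of `size` and any earlier `dsize`/`size` comparison are outside this context, so please confirm the type and the invariant and state them in a short header on the patch file, which currently starts straight at the `---` line with no description, upstream reference or CVE id. The two trailing empty `+` lines at the end of the new file can also be dropped.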