mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-24 07:46:48 +00:00
openssl: fix CVE-2014-3569
Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43858
This commit is contained in:
parent
321f4a1e2c
commit
2c4d88c503
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (C) 2006-2014 OpenWrt.org
|
||||
# Copyright (C) 2006-2015 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=openssl
|
||||
PKG_VERSION:=1.0.1j
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
PKG_USE_MIPS16:=0
|
||||
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
|
38
package/libs/openssl/patches/001-fix-CVE-2014-3569.patch
Normal file
38
package/libs/openssl/patches/001-fix-CVE-2014-3569.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From: Kurt Roeckx <kurt@roeckx.be>
|
||||
Date: Tue, 21 Oct 2014 18:45:15 +0000 (+0200)
|
||||
Subject: Keep old method in case of an unsupported protocol
|
||||
X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5
|
||||
|
||||
Keep old method in case of an unsupported protocol
|
||||
|
||||
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
|
||||
the method to NULL. We didn't used to do that, and it breaks things. This is a
|
||||
regression introduced in 62f45cc27d07187b59551e4fad3db4e52ea73f2c. Keep the old
|
||||
method since the code is not able to deal with a NULL method at this time.
|
||||
|
||||
CVE-2014-3569, PR#3571
|
||||
|
||||
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
||||
---
|
||||
|
||||
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
|
||||
index 38960ba..858420d 100644
|
||||
--- a/ssl/s23_srvr.c
|
||||
+++ b/ssl/s23_srvr.c
|
||||
@@ -615,12 +615,14 @@ int ssl23_get_client_hello(SSL *s)
|
||||
if ((type == 2) || (type == 3))
|
||||
{
|
||||
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
|
||||
- s->method = ssl23_get_server_method(s->version);
|
||||
- if (s->method == NULL)
|
||||
+ const SSL_METHOD *new_method;
|
||||
+ new_method = ssl23_get_server_method(s->version);
|
||||
+ if (new_method == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
|
||||
goto err;
|
||||
}
|
||||
+ s->method = new_method;
|
||||
|
||||
if (!ssl_init_wbio_buffer(s,1)) goto err;
|
||||
|
Loading…
Reference in New Issue
Block a user