CVS commit: src/crypto/external/bsd/openssl/dist/ssl

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/crypto/external/bsd/openssl/dist/ssl
From: Manuel Bouyer <bouyer%netbsd.org@localhost>
Date: Fri, 9 Apr 2010 04:34:14 +0000

Module Name:    src
Committed By:   bouyer
Date:           Fri Apr  9 04:34:13 UTC 2010

Modified Files:
        src/crypto/external/bsd/openssl/dist/ssl: s3_enc.c s3_srvr.c t1_enc.c

Log Message:
Fix crash in openssl (I suspect caused by malformed packets):
handshake_dgst[] may be used without being allocated, causing NULL
pointer dereference.
Fix by checking that handshake_dgst is not NULL before use.
Reported to openssl as ticket openssl.org #2214.
Fix tested on netbsd-5 by Luke Mewburn with apache, and by me with
freeradius (fixing segmentation fault in both cases).


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
    src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
cvs rdiff -u -r1.1.1.2 -r1.2 \
    src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-5] src/doc
Next by Date: CVS commit: src/sys/dev/acpi/wmi
Previous by Thread: CVS commit: [netbsd-5] src/doc
Next by Thread: CVS commit: src/sys/dev/acpi/wmi
Indexes:

Home | Main Index | Thread Index | Old Index