Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssl/dist/ssl fix for CVE-2011-0014 (...
details: https://anonhg.NetBSD.org/src/rev/03c202d0ef3f
branches: trunk
changeset: 761878:03c202d0ef3f
user: spz <spz%NetBSD.org@localhost>
date: Thu Feb 10 06:04:54 2011 +0000
description:
fix for CVE-2011-0014 (OCSP stapling vulnerability in OpenSSL)
patch taken from http://www.openssl.org/news/secadv_20110208.txt
diffstat:
crypto/external/bsd/openssl/dist/ssl/t1_lib.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diffs (27 lines):
diff -r eaaa621c4bc6 -r 03c202d0ef3f crypto/external/bsd/openssl/dist/ssl/t1_lib.c
--- a/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Thu Feb 10 05:55:26 2011 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Thu Feb 10 06:04:54 2011 +0000
@@ -916,6 +916,7 @@
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
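Review bot: After the added `size -= 2 + idsize;` only `dsize < 0` is tested, so nothing in this hunk catches `size` itself going negative. The declarations of `size` and `dsize` and how they relate are not visible in this context. If `size` is a signed type, the `size < 2` test added in the next hunk would reject a negative value, but a reader has to jump 40 lines to see that. Consider a one-line comment here saying that `size` is kept in step with `dsize` so the remaining-length check before request_extensions is meaningful, or test both counters in the same `if`.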
@@ -954,9 +955,14 @@
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
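Review bot: The new `if (size < 2)` guard and the change from `dsize > size` to `dsize != size` enforce an invariant that is stated nowhere in the code: two bytes must remain for the length field before `n2s(data,dsize)` reads it, and the request_extensions block must then account for exactly the bytes that remain, with no trailing data. A short comment above the guard saying so would keep a later edit from relaxing `!=` back to `>`. It is also worth noting that `dsize` is reused here for the request_extensions length after serving as the responder-id remainder in the earlier hunk. A separate, clearly named variable would make the two length checks easier to audit. The `size < 2` test only covers a negative `size` if the type is signed, which this context does not show.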