From f9c5c21b08ad12888bc636791b9737435b742991 Mon Sep 17 00:00:00 2001
From: Kai Tietz
Date: Fri, 4 Mar 2011 11:03:42 +0100
Subject: [PATCH] CVE-2011-0014 openssl: OCSP stapling vulnerability fix for https://bugzilla.redhat.com/show_bug.cgi?id=676070
---
 mingw32-openssl.spec | 5 +++++
 openssl-1.0.0a-sslt1lib.patch | 28 ++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 openssl-1.0.0a-sslt1lib.patch
diff --git a/mingw32-openssl.spec b/mingw32-openssl.spec
index 6ec0cb2..91b336b 100644
--- a/mingw32-openssl.spec
+++ b/mingw32-openssl.spec
@@ -59,6 +59,7 @@ Patch7: openssl-1.0.0-timezone.patch
 # Bug fixes
 Patch23: openssl-1.0.0-beta4-default-paths.patch
 Patch24: openssl-0.9.8j-bad-mime.patch
+Patch25: openssl-1.0.0a-sslt1lib.patch
 # Functionality changes
 Patch32: openssl-0.9.8g-ia64.patch
 Patch33: openssl-1.0.0-beta4-ca-dir.patch
@@ -157,6 +158,7 @@ Static version of the MinGW port of the OpenSSL toolkit.
 %patch23 -p1 -b .default-paths
 %patch24 -p1 -b .bad-mime
+%patch25 -p1 -b .sslt1lib
 %patch32 -p1 -b .ia64
 #patch33 is applied after make test
@@ -343,6 +345,9 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Fri Mar 04 2011 Kai Tietz
+- Fixes for CVE-2011-0014 openssl: OCSP stapling vulnerability
+
 * Thu Mar 3 2011 Kai Tietz - 1.0.0a-3
 - Bump and rebuild.
diff --git a/openssl-1.0.0a-sslt1lib.patch b/openssl-1.0.0a-sslt1lib.patch
new file mode 100644
index 0000000..2e7d2ff
--- /dev/null
+++ b/openssl-1.0.0a-sslt1lib.patch
@@ -0,0 +1,28 @@
+--- openssl-1.0.0a/ssl/t1_lib.c 25 Nov 2010 12:28:28 -0000 1.64.2.17
++++ openssl-1.0.0a/ssl/t1_lib.c 8 Feb 2011 00:00:00 -0000
+@@ -917,6 +917,7 @@
+ }
+ n2s(data, idsize);
+ dsize -= 2 + idsize;
++ size -= 2 + idsize;
+ if (dsize < 0)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+@@ -955,9 +956,14 @@
+ }
+
+ /* Read in request_extensions */
++ if (size < 2)
++ {
++ *al = SSL_AD_DECODE_ERROR;
++ return 0;
++ }
+ n2s(data,dsize);
+ size -= 2;
+- if (dsize > size)
++ if (dsize != size)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+
+
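Review bot: The new openssl-1.0.0a-sslt1lib.patch starts directly at its `--- openssl-1.0.0a/ssl/t1_lib.c` line, with no header naming the CVE or the upstream change it was taken from, and its file name does not identify the fix either. Since patch(1) skips text ahead of the first file header, a short preamble such as `CVE-2011-0014: OCSP stapling extension length checks (rhbz#676070)` followed by `Upstream: <upstream commit or advisory reference>` would let an auditor compare this backport with upstream. The preamble should also say that the two inner hunks belong together: `size` has to be reduced alongside `dsize` in the first hunk so that the `size < 2` guard and the `dsize != size` test in the second compare against the bytes actually left in the extension; both enclosing blocks start and end outside the hunks. Separately, the diffstat shows only insertions in mingw32-openssl.spec and the new changelog entry carries no version-release, so Release appears to stay at 1.0.0a-3; if so, a fixed build cannot be told apart from the vulnerable one by package version.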