- fix typo in DTLS1 code (#527015)

- fix leak in error handling of d2i_SSL_SESSION()
2009-10-08 19:01:43 +00:00 · 2009-10-08 19:01:43 +00:00 · 5c062c1ba9
commit 5c062c1ba9
parent 0d4bee2e57
3 changed files with 64 additions and 1 deletions
--- a/openssl-1.0.0-beta3-dtls1-fix.patch
+++ b/openssl-1.0.0-beta3-dtls1-fix.patch
@ -0,0 +1,28 @@
+Index: openssl/ssl/d1_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
+rcsdiff -q -kk '-r1.16.2.10' '-r1.16.2.11' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null
+--- openssl/ssl/d1_clnt.c 2009/07/15 11:32:57 1.16.2.10
+++ openssl/ssl/d1_clnt.c 2009/07/24 11:52:32 1.16.2.11
+@@ -223,6 +223,8 @@
+ 			s->init_num=0;
+ 			/* mark client_random uninitialized */
+ 			memset(s->s3->client_random,0,sizeof(s->s3->client_random));
+			s->d1->send_cookie = 0;
+			s->hit = 0;
+ 			break;
+ 
+ 		case SSL3_ST_CW_CLNT_HELLO_A:
+Index: openssl/ssl/d1_pkt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
+rcsdiff -q -kk '-r1.27.2.13' '-r1.27.2.14' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
+--- openssl/ssl/d1_pkt.c 2009/07/13 11:44:04 1.27.2.13
+++ openssl/ssl/d1_pkt.c 2009/07/24 11:52:32 1.27.2.14
+@@ -775,7 +775,7 @@
+ 	/* Check for timeout */
+ 	if (dtls1_is_timer_expired(s))
+ 		{
+-		if (dtls1_read_failed(s, -1) > 0);
+		if (dtls1_read_failed(s, -1) > 0)
+ 			goto start;
+ 		}
+ 
--- a/openssl-1.0.0-beta3-ssl-session.patch
+++ b/openssl-1.0.0-beta3-ssl-session.patch
@ -0,0 +1,27 @@
+Index: openssl/ssl/ssl_asn1.c
+RCS File: /v/openssl/cvs/openssl/ssl/ssl_asn1.c,v
+rcsdiff -q -kk '-r1.36.2.2' '-r1.36.2.3' -u '/v/openssl/cvs/openssl/ssl/ssl_asn1.c,v' 2>/dev/null
+--- openssl/ssl/ssl_asn1.c 2009/08/05 15:29:14 1.36.2.2
+++ openssl/ssl/ssl_asn1.c 2009/09/02 13:20:22 1.36.2.3
+@@ -413,8 +413,8 @@
+ 		}
+ 	else
+ 		{
+-		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
+-		return(NULL);
+		c.error=SSL_R_UNKNOWN_SSL_VERSION;
+		goto err;
+ 		}
+ 	
+ 	ret->cipher=NULL;
+@@ -505,8 +505,8 @@
+ 	    {
+ 	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
+ 		{
+-		ret->sid_ctx_length=os.length;
+-		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+		c.error=SSL_R_BAD_LENGTH;
+		goto err;
+ 		}
+ 	    else
+ 		{
--- a/openssl.spec
+++ b/openssl.spec
@ -23,7 +23,7 @@
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.0
-Release: 0.8.%{beta}%{?dist}
+Release: 0.9.%{beta}%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-%{beta}-usa.tar.bz2
@ -67,6 +67,8 @@ Patch52: openssl-1.0.0-beta3-dss1.patch
 Patch60: openssl-1.0.0-beta3-namingstr.patch
 Patch61: openssl-1.0.0-beta3-namingblk.patch
 Patch62: openssl-1.0.0-beta3-camellia-rounds.patch
+Patch63: openssl-1.0.0-beta3-dtls1-fix.patch
+Patch64: openssl-1.0.0-beta3-ssl-session.patch

 License: OpenSSL
 Group: System Environment/Libraries
@ -151,6 +153,8 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch60 -p1 -b .namingstr
 %patch61 -p1 -b .namingblk
 %patch62 -p1 -b .cmll-rounds
+%patch63 -p1 -b .dtls1-fix
+%patch64 -p1 -b .ssl-session

 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@ -399,6 +403,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun -p /sbin/ldconfig

 %changelog
+* Thu Oct  8 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.9.beta3
+- fix typo in DTLS1 code (#527015)
+- fix leak in error handling of d2i_SSL_SESSION()
+
 * Wed Sep 30 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.8.beta3
 - fix RSA and DSA FIPS selftests
 - reenable fixed x86_64 camellia assembler code (#521127)