kumquat-buildroot/package/openssl/openssl-CVE-2009-1377.patch

diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c
--- openssl-0.9.8l/crypto/pqueue/pqueue.c	2005-06-28 09:53:33.000000000 -0300
+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c	2009-11-10 13:19:42.000000000 -0300
@@ -234,3 +234,17 @@
 
 	return ret;
 	}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+	pitem *item = pq->items;
+	int count = 0;
+	
+	while(item != NULL)
+	{
+		count++;
+		item = item->next;
+	}
+	return count;
+}
diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h
--- openssl-0.9.8l/crypto/pqueue/pqueue.h	2005-05-30 19:34:27.000000000 -0300
+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h	2009-11-10 13:19:42.000000000 -0300
@@ -91,5 +91,6 @@
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */
diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c
--- openssl-0.9.8l/ssl/d1_pkt.c	2009-11-05 12:21:28.000000000 -0300
+++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c	2009-11-10 13:19:42.000000000 -0300
@@ -167,6 +167,10 @@
     DTLS1_RECORD_DATA *rdata;
 	pitem *item;
 
+	/* Limit the size of the queue to prevent DOS attacks */
+	if (pqueue_size(queue->q) >= 100)
+		return 0;
+		
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)
openssl: bump to 0.9.8l + security fixes Closes #703 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk> 2009-11-10 17:42:35 +01:00			`diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c`
			`--- openssl-0.9.8l/crypto/pqueue/pqueue.c 2005-06-28 09:53:33.000000000 -0300`
			`+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c 2009-11-10 13:19:42.000000000 -0300`
			`@@ -234,3 +234,17 @@`

			`return ret;`
			`}`
			`+`
			`+int`
			`+pqueue_size(pqueue_s *pq)`
			`+{`
			`+ pitem *item = pq->items;`
			`+ int count = 0;`
			`+`
			`+ while(item != NULL)`
			`+ {`
			`+ count++;`
			`+ item = item->next;`
			`+ }`
			`+ return count;`
			`+}`
			`diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h`
			`--- openssl-0.9.8l/crypto/pqueue/pqueue.h 2005-05-30 19:34:27.000000000 -0300`
			`+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h 2009-11-10 13:19:42.000000000 -0300`
			`@@ -91,5 +91,6 @@`
			`pitem pqueue_next(piterator iter);`

			`void pqueue_print(pqueue pq);`
			`+int pqueue_size(pqueue pq);`

			`#endif /* ! HEADER_PQUEUE_H */`
			`diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c`
			`--- openssl-0.9.8l/ssl/d1_pkt.c 2009-11-05 12:21:28.000000000 -0300`
			`+++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c 2009-11-10 13:19:42.000000000 -0300`
			`@@ -167,6 +167,10 @@`
			`DTLS1_RECORD_DATA *rdata;`
			`pitem *item;`

			`+ /* Limit the size of the queue to prevent DOS attacks */`
			`+ if (pqueue_size(queue->q) >= 100)`
			`+ return 0;`
			`+`
			`rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));`
			`item = pitem_new(priority, rdata);`
			`if (rdata == NULL \|\| item == NULL)`