openssl: fix for CVE-2007-5135
This commit is contained in:
commit
5940439dc6
@ -1,4 +1,5 @@
|
|||||||
30ad2995a2668db16ae3083c11a42307 CVE-2007-3108.patch
|
30ad2995a2668db16ae3083c11a42307 CVE-2007-3108.patch
|
||||||
|
21119cb0b942c835395d7f57530ba14a CVE-2007-5135.patch
|
||||||
9d0df57845af8acd1027a7df5c18d017 mksslcert.sh
|
9d0df57845af8acd1027a7df5c18d017 mksslcert.sh
|
||||||
3cbccf8f5d7ce488a306fb9029512b80 openssl-0.9.8-gcc42.patch
|
3cbccf8f5d7ce488a306fb9029512b80 openssl-0.9.8-gcc42.patch
|
||||||
58daa890c3bc19bd6ce3451b2e5e335c openssl-0.9.8b-parallel-build.patch
|
58daa890c3bc19bd6ce3451b2e5e335c openssl-0.9.8b-parallel-build.patch
|
||||||
|
46
openssl/CVE-2007-5135.patch
Normal file
46
openssl/CVE-2007-5135.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
openssl/ssl/ssl_lib.c 1.133.2.9 -> 1.133.2.10
|
||||||
|
|
||||||
|
--- ssl_lib.c 2007/08/12 18:59:02 1.133.2.9
|
||||||
|
+++ ssl_lib.c 2007/09/19 12:16:21 1.133.2.10
|
||||||
|
@@ -1210,7 +1210,6 @@
|
||||||
|
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
|
||||||
|
{
|
||||||
|
char *p;
|
||||||
|
- const char *cp;
|
||||||
|
STACK_OF(SSL_CIPHER) *sk;
|
||||||
|
SSL_CIPHER *c;
|
||||||
|
int i;
|
||||||
|
@@ -1223,20 +1222,21 @@
|
||||||
|
sk=s->session->ciphers;
|
||||||
|
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
|
||||||
|
{
|
||||||
|
- /* Decrement for either the ':' or a '\0' */
|
||||||
|
- len--;
|
||||||
|
+ int n;
|
||||||
|
+
|
||||||
|
c=sk_SSL_CIPHER_value(sk,i);
|
||||||
|
- for (cp=c->name; *cp; )
|
||||||
|
+ n=strlen(c->name);
|
||||||
|
+ if (n+1 > len)
|
||||||
|
{
|
||||||
|
- if (len-- <= 0)
|
||||||
|
- {
|
||||||
|
- *p='\0';
|
||||||
|
- return(buf);
|
||||||
|
- }
|
||||||
|
- else
|
||||||
|
- *(p++)= *(cp++);
|
||||||
|
+ if (p != buf)
|
||||||
|
+ --p;
|
||||||
|
+ *p='\0';
|
||||||
|
+ return buf;
|
||||||
|
}
|
||||||
|
+ strcpy(p,c->name);
|
||||||
|
+ p+=n;
|
||||||
|
*(p++)=':';
|
||||||
|
+ len-=n+1;
|
||||||
|
}
|
||||||
|
p[-1]='\0';
|
||||||
|
return(buf);
|
||||||
|
|
||||||
|
|
@ -6,12 +6,14 @@ name=openssl
|
|||||||
version=0.9.8e
|
version=0.9.8e
|
||||||
release=3
|
release=3
|
||||||
source=(http://www.openssl.org/source/$name-$version.tar.gz \
|
source=(http://www.openssl.org/source/$name-$version.tar.gz \
|
||||||
mksslcert.sh openssl-0.9.8b-parallel-build.patch \
|
mksslcert.sh openssl-0.9.8b-parallel-build.patch \
|
||||||
CVE-2007-3108.patch openssl-0.9.8-gcc42.patch)
|
CVE-2007-3108.patch CVE-2007-5135.patch \
|
||||||
|
openssl-0.9.8-gcc42.patch)
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd $name-$version
|
cd $name-$version
|
||||||
patch -p1 -i $SRC/CVE-2007-3108.patch
|
patch -p1 -i $SRC/CVE-2007-3108.patch
|
||||||
|
patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch
|
||||||
patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch
|
patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch
|
||||||
patch -p0 -i $SRC/openssl-0.9.8-gcc42.patch
|
patch -p0 -i $SRC/openssl-0.9.8-gcc42.patch
|
||||||
./config --prefix=/usr --openssldir=/etc/ssl shared
|
./config --prefix=/usr --openssldir=/etc/ssl shared
|
||||||
|
Loading…
Reference in New Issue
Block a user