[notify] openssl: fix for CVE-2007-5135
See http://www.securityfocus.com/bid/25831
parent
32df899cfd
commit
9a46286a22
@ -1,4 +1,5 @@
|
||||
30ad2995a2668db16ae3083c11a42307 CVE-2007-3108.patch
|
||||
21119cb0b942c835395d7f57530ba14a CVE-2007-5135.patch
|
||||
9d0df57845af8acd1027a7df5c18d017 mksslcert.sh
|
||||
58daa890c3bc19bd6ce3451b2e5e335c openssl-0.9.8b-parallel-build.patch
|
||||
3a7ff24f6ea5cd711984722ad654b927 openssl-0.9.8e.tar.gz
|
||||
|
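--- /dev/null
+++ b/openssl/CVE-2007-5135.patch
@@ -0,0 +1,46 @@
+openssl/ssl/ssl_lib.c 1.133.2.9 -> 1.133.2.10
+
+--- ssl_lib.c 2007/08/12 18:59:02 1.133.2.9
++++ ssl_lib.c 2007/09/19 12:16:21 1.133.2.10
+@@ -1210,7 +1210,6 @@
+char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+{
+char *p;
+- const char *cp;
+STACK_OF(SSL_CIPHER) *sk;
+SSL_CIPHER *c;
+int i;
+@@ -1223,20 +1222,21 @@
+sk=s->session->ciphers;
+for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+{
+- /* Decrement for either the ':' or a '\0' */
+- len--;
++ int n;
++
+c=sk_SSL_CIPHER_value(sk,i);
+- for (cp=c->name; *cp; )
++ n=strlen(c->name);
++ if (n+1 > len)
+{
+- if (len-- <= 0)
+- {
+- *p='\0';
+- return(buf);
+- }
+- else
+- *(p++)= *(cp++);
++ if (p != buf)
++ --p;
++ *p='\0';
++ return buf;
+}
++ strcpy(p,c->name);
++ p+=n;
+*(p++)=':';
++ len-=n+1;
+}
+p[-1]='\0';
+return(buf);
+
+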
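Review bot: After the loop, `p[-1]='\0'` still writes one byte before `buf` when the cipher stack is empty and the loop body never runs, assuming `p` points at `buf` at that point (its initialisation is outside the hunk). The patched code adds no guard for that case; a check such as `if (sk_SSL_CIPHER_num(sk) == 0) return NULL;` before the loop would cover it. Separately, `n` is an `int` receiving the `size_t` result of `strlen()`, and `strcpy(p,c->name)` is bounded only by the preceding `n+1 > len` test, so `memcpy(p,c->name,n)` would make the bound explicit at the copy itself. The function's entry checks on `len` lie outside the hunk, so whether a non-positive `len` can reach the `*p='\0'` early-return path cannot be confirmed from here.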
@ -4,14 +4,15 @@
|
||||
|
||||
name=openssl
|
||||
version=0.9.8e
|
||||
release=2
|
||||
release=3
|
||||
source=(http://www.openssl.org/source/$name-$version.tar.gz \
|
||||
mksslcert.sh openssl-0.9.8b-parallel-build.patch \
|
||||
CVE-2007-3108.patch)
|
||||
CVE-2007-3108.patch CVE-2007-5135.patch)
|
||||
|
||||
build() {
|
||||
cd $name-$version
|
||||
patch -p1 -i $SRC/CVE-2007-3108.patch
|
||||
patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch
|
||||
patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch
|
||||
./config --prefix=/usr --openssldir=/etc/ssl shared
|
||||
make
|
||||
|
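Review bot: The added `patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch` line uses a different strip level and working directory from the two `-p1` calls around it, and nothing in the recipe says why. The patch file's own `--- ssl_lib.c` header shows its paths are relative to `ssl/`, so a one-line comment above the call, for example `# upstream CVS diff, paths are relative to ssl/`, would keep a later maintainer from changing it to `-p1` and leaving the security fix unapplied or the build broken.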