[Pkg-openssl-changes] r392 - openssl/branches/lenny/ssl
Kurt Roeckx
kroeckx at alioth.debian.org
Mon Jun 1 12:39:21 UTC 2009
Author: kroeckx
Date: 2009-06-01 12:39:21 +0000 (Mon, 01 Jun 2009)
New Revision: 392
Modified:
openssl/branches/lenny/ssl/d1_pkt.c
Log:
* Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
Modified: openssl/branches/lenny/ssl/d1_pkt.c
===================================================================
--- openssl/branches/lenny/ssl/d1_pkt.c 2009-06-01 12:38:43 UTC (rev 391)
+++ openssl/branches/lenny/ssl/d1_pkt.c 2009-06-01 12:39:21 UTC (rev 392)
@@ -167,6 +167,10 @@
DTLS1_RECORD_DATA *rdata;
pitem *item;
+ /* Limit the size of the queue to prevent DOS attacks */
+ if (pqueue_size(queue->q) >= 100)
+ return 0;
+
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
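Review bot: the cap in the added `if (pqueue_size(queue->q) >= 100)` check is a bare literal, and the comment does not say what the unit is or why 100 was chosen. Consider a named constant defined next to the other DTLS limits, so the bound can be found and tuned in one place. The full-queue path also does `return 0;` with no indication in the hunk of what 0 means to the caller. Extending the comment to say that the incoming record is dropped without being buffered, and whether callers treat 0 as an error or as a benign skip, would make the behaviour reviewable. Placing the check before the `OPENSSL_malloc` call is the right order, since nothing is allocated for a record that will be rejected.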