[Pkg-openssl-changes] r400 - in openssl/branches/etch: crypto/pqueue debian ssl

Kurt Roeckx kroeckx at alioth.debian.org
Mon Jun 1 13:33:52 UTC 2009 

Author: kroeckx
Date: 2009-06-01 13:33:51 +0000 (Mon, 01 Jun 2009)
New Revision: 400

Modified:
   openssl/branches/etch/crypto/pqueue/pqueue.c
   openssl/branches/etch/crypto/pqueue/pqueue.h
   openssl/branches/etch/debian/changelog
   openssl/branches/etch/ssl/d1_pkt.c
Log:
Fix "DTLS record buffer limitation bug." (CVE-2009-1377)


Modified: openssl/branches/etch/crypto/pqueue/pqueue.c
===================================================================
--- openssl/branches/etch/crypto/pqueue/pqueue.c	2009-06-01 13:32:16 UTC (rev 399)
+++ openssl/branches/etch/crypto/pqueue/pqueue.c	2009-06-01 13:33:51 UTC (rev 400)
@@ -234,3 +234,17 @@
 
 	return ret;
 	}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+	pitem *item = pq->items;
+	int count = 0;
+	
+	while(item != NULL)
+	{
+		count++;
+		item = item->next;
+	}
+	return count;
+}

Modified: openssl/branches/etch/crypto/pqueue/pqueue.h
===================================================================
--- openssl/branches/etch/crypto/pqueue/pqueue.h	2009-06-01 13:32:16 UTC (rev 399)
+++ openssl/branches/etch/crypto/pqueue/pqueue.h	2009-06-01 13:33:51 UTC (rev 400)
@@ -91,5 +91,6 @@
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */

Modified: openssl/branches/etch/debian/changelog
===================================================================
--- openssl/branches/etch/debian/changelog	2009-06-01 13:32:16 UTC (rev 399)
+++ openssl/branches/etch/debian/changelog	2009-06-01 13:33:51 UTC (rev 400)
@@ -1,3 +1,9 @@
+openssl (0.9.8c-4etch6) oldstable-security; urgency=low
+
+  * Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 01 Jun 2009 15:32:47 +0200
+
 openssl (0.9.8c-4etch5) oldstable-security; urgency=low
 
   * Properly validate the length of an encoded BMPString and UniversalString

Modified: openssl/branches/etch/ssl/d1_pkt.c
===================================================================
--- openssl/branches/etch/ssl/d1_pkt.c	2009-06-01 13:32:16 UTC (rev 399)
+++ openssl/branches/etch/ssl/d1_pkt.c	2009-06-01 13:33:51 UTC (rev 400)
@@ -166,6 +166,10 @@
     DTLS1_RECORD_DATA *rdata;
 	pitem *item;
 
+	/* Limit the size of the queue to prevent DOS attacks */
+	if (pqueue_size(queue->q) >= 100)
+		return 0;
+		
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)

More information about the Pkg-openssl-changes mailing list