[Pkg-openssl-changes] r526 - in openssl/branches/squeeze/debian: . patches

Kurt Roeckx kroeckx at alioth.debian.org
Wed Jan 18 20:00:25 UTC 2012 

Author: kroeckx
Date: 2012-01-18 20:00:25 +0000 (Wed, 18 Jan 2012)
New Revision: 526

Added:
   openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch
Modified:
   openssl/branches/squeeze/debian/changelog
   openssl/branches/squeeze/debian/patches/series
Log:
Fix CVE-2012-0050


Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog	2012-01-18 19:48:27 UTC (rev 525)
+++ openssl/branches/squeeze/debian/changelog	2012-01-18 20:00:25 UTC (rev 526)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-4squeeze6) squeeze-security; urgency=low
+
+  * Fix CVE-2012-0050
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Wed, 18 Jan 2012 20:59:12 +0100
+
 openssl (0.9.8o-4squeeze5) squeeze-security; urgency=low
 
   * Fix CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619

Added: openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch	                        (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch	2012-01-18 20:00:25 UTC (rev 526)
@@ -0,0 +1,36 @@
+--- a/ssl/d1_pkt.c
++++ b/ssl/d1_pkt.c
+@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s)
+ 	unsigned int mac_size;
+ 	unsigned char md[EVP_MAX_MD_SIZE];
+ 	int decryption_failed_or_bad_record_mac = 0;
++	unsigned char *mac = NULL;
+ 
+ 
+ 	rr= &(s->s3->rrec);
+@@ -447,19 +448,15 @@ printf("\n");
+ #endif			
+ 			}
+ 		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+-		if (rr->length < mac_size)
++		if (rr->length >= mac_size)
+ 			{
+-#if 0 /* OK only for stream ciphers */
+-			al=SSL_AD_DECODE_ERROR;
+-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+-			goto f_err;
+-#else
+-			decryption_failed_or_bad_record_mac = 1;
+-#endif
++			rr->length -= mac_size;
++			mac = &rr->data[rr->length];
+ 			}
+-		rr->length-=mac_size;
++		else
++			rr->length = 0;
+ 		i=s->method->ssl3_enc->mac(s,md,0);
+-		if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
++		if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
+ 			{
+ 			decryption_failed_or_bad_record_mac = 1;
+ 			}

Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series	2012-01-18 19:48:27 UTC (rev 525)
+++ openssl/branches/squeeze/debian/patches/series	2012-01-18 20:00:25 UTC (rev 526)
@@ -32,3 +32,4 @@
 CVE-2011-4576.patch
 CVE-2011-4577.patch
 dtls-fragment-alert.patch
+CVE-2012-0050.patch

More information about the Pkg-openssl-changes mailing list