[Pkg-openssl-changes] r526 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Wed Jan 18 20:00:25 UTC 2012
Author: kroeckx
Date: 2012-01-18 20:00:25 +0000 (Wed, 18 Jan 2012)
New Revision: 526
Added:
openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/series
Log:
Fix CVE-2012-0050
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2012-01-18 19:48:27 UTC (rev 525)
+++ openssl/branches/squeeze/debian/changelog 2012-01-18 20:00:25 UTC (rev 526)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-4squeeze6) squeeze-security; urgency=low
+
+ * Fix CVE-2012-0050
+
+ -- Kurt Roeckx <kurt at roeckx.be> Wed, 18 Jan 2012 20:59:12 +0100
+
openssl (0.9.8o-4squeeze5) squeeze-security; urgency=low
* Fix CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
Added: openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch 2012-01-18 20:00:25 UTC (rev 526)
@@ -0,0 +1,36 @@
+--- a/ssl/d1_pkt.c
++++ b/ssl/d1_pkt.c
+@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s)
+ unsigned int mac_size;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ int decryption_failed_or_bad_record_mac = 0;
++ unsigned char *mac = NULL;
+
+
+ rr= &(s->s3->rrec);
+@@ -447,19 +448,15 @@ printf("\n");
+ #endif
+ }
+ /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+- if (rr->length < mac_size)
++ if (rr->length >= mac_size)
+ {
+-#if 0 /* OK only for stream ciphers */
+- al=SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+- goto f_err;
+-#else
+- decryption_failed_or_bad_record_mac = 1;
+-#endif
++ rr->length -= mac_size;
++ mac = &rr->data[rr->length];
+ }
+- rr->length-=mac_size;
++ else
++ rr->length = 0;
+ i=s->method->ssl3_enc->mac(s,md,0);
+- if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
++ if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
+ {
+ decryption_failed_or_bad_record_mac = 1;
+ }
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series 2012-01-18 19:48:27 UTC (rev 525)
+++ openssl/branches/squeeze/debian/patches/series 2012-01-18 20:00:25 UTC (rev 526)
@@ -32,3 +32,4 @@
CVE-2011-4576.patch
CVE-2011-4577.patch
dtls-fragment-alert.patch
+CVE-2012-0050.patch
More information about the Pkg-openssl-changes
mailing list