[Pkg-openssl-changes] r527 - openssl/branches/squeeze/debian/patches

[Kurt Roeckx]

Author: kroeckx
Date: 2012-01-18 20:08:25 +0000 (Wed, 18 Jan 2012)
New Revision: 527

Modified:
   openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch
Log:
Make the patch apply


Modified: openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch	2012-01-18 20:00:25 UTC (rev 526)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-0050.patch	2012-01-18 20:08:25 UTC (rev 527)
@@ -1,6 +1,8 @@
---- a/ssl/d1_pkt.c
-+++ b/ssl/d1_pkt.c
-@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s)
+Index: openssl-0.9.8o/ssl/d1_pkt.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/d1_pkt.c	2012-01-18 20:03:12.000000000 +0000
++++ openssl-0.9.8o/ssl/d1_pkt.c	2012-01-18 20:07:36.000000000 +0000
+@@ -339,6 +339,7 @@
  	unsigned int mac_size;
  	unsigned char md[EVP_MAX_MD_SIZE];
  	int decryption_failed_or_bad_record_mac = 0;
@@ -8,7 +10,7 @@
  
  
  	rr= &(s->s3->rrec);
-@@ -447,19 +448,15 @@ printf("\n");
+@@ -406,19 +407,15 @@
  #endif			
  			}
  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -29,7 +31,7 @@
 +		else
 +			rr->length = 0;
  		i=s->method->ssl3_enc->mac(s,md,0);
--		if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+-		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
 +		if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
  			{
  			decryption_failed_or_bad_record_mac = 1;