[Pkg-openssl-changes] r381 - in openssl/trunk: crypto/pqueue debian ssl

Kurt Roeckx kroeckx at alioth.debian.org
Wed May 27 19:01:02 UTC 2009 

Author: kroeckx
Date: 2009-05-27 19:01:02 +0000 (Wed, 27 May 2009)
New Revision: 381

Modified:
   openssl/trunk/crypto/pqueue/pqueue.c
   openssl/trunk/crypto/pqueue/pqueue.h
   openssl/trunk/debian/changelog
   openssl/trunk/ssl/d1_pkt.c
Log:
Fix "DTLS record buffer limitation bug." (CVE-2009-1377)


Modified: openssl/trunk/crypto/pqueue/pqueue.c
===================================================================
--- openssl/trunk/crypto/pqueue/pqueue.c	2009-05-27 18:57:24 UTC (rev 380)
+++ openssl/trunk/crypto/pqueue/pqueue.c	2009-05-27 19:01:02 UTC (rev 381)
@@ -234,3 +234,17 @@
 
 	return ret;
 	}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+	pitem *item = pq->items;
+	int count = 0;
+	
+	while(item != NULL)
+	{
+		count++;
+		item = item->next;
+	}
+	return count;
+}

Modified: openssl/trunk/crypto/pqueue/pqueue.h
===================================================================
--- openssl/trunk/crypto/pqueue/pqueue.h	2009-05-27 18:57:24 UTC (rev 380)
+++ openssl/trunk/crypto/pqueue/pqueue.h	2009-05-27 19:01:02 UTC (rev 381)
@@ -91,5 +91,6 @@
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */

Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2009-05-27 18:57:24 UTC (rev 380)
+++ openssl/trunk/debian/changelog	2009-05-27 19:01:02 UTC (rev 381)
@@ -2,6 +2,8 @@
 
   * New upstream release
   * Make aes-x86_64.pl use PIC.
+  * Fix security issues (Closes: #530400)
+    - "DTLS record buffer limitation bug." (CVE-2009-1377)
 
  -- Kurt Roeckx <kurt at roeckx.be>  Sat, 16 May 2009 17:33:55 +0200
 

Modified: openssl/trunk/ssl/d1_pkt.c
===================================================================
--- openssl/trunk/ssl/d1_pkt.c	2009-05-27 18:57:24 UTC (rev 380)
+++ openssl/trunk/ssl/d1_pkt.c	2009-05-27 19:01:02 UTC (rev 381)
@@ -167,6 +167,10 @@
     DTLS1_RECORD_DATA *rdata;
 	pitem *item;
 
+	/* Limit the size of the queue to prevent DOS attacks */
+	if (pqueue_size(queue->q) >= 100)
+		return 0;
+		
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)

More information about the Pkg-openssl-changes mailing list