[Pkg-openssl-changes] r384 - in openssl/trunk: debian ssl

Kurt Roeckx kroeckx at alioth.debian.org
Wed May 27 19:07:14 UTC 2009


Author: kroeckx
Date: 2009-05-27 19:07:14 +0000 (Wed, 27 May 2009)
New Revision: 384

Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/ssl/d1_both.c
Log:
Fix "DTLS use after free" (CVE-2009-1379)


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2009-05-27 19:05:14 UTC (rev 383)
+++ openssl/trunk/debian/changelog	2009-05-27 19:07:14 UTC (rev 384)
@@ -5,6 +5,7 @@
   * Fix security issues (Closes: #530400)
     - "DTLS record buffer limitation bug." (CVE-2009-1377)
     - "DTLS fragment handling" (CVE-2009-1378)
+    - "DTLS use after free" (CVE-2009-1379)
 
  -- Kurt Roeckx <kurt at roeckx.be>  Sat, 16 May 2009 17:33:55 +0200
 

Modified: openssl/trunk/ssl/d1_both.c
===================================================================
--- openssl/trunk/ssl/d1_both.c	2009-05-27 19:05:14 UTC (rev 383)
+++ openssl/trunk/ssl/d1_both.c	2009-05-27 19:07:14 UTC (rev 384)
@@ -530,13 +530,14 @@
 				frag->fragment,frag->msg_header.frag_len);
 			}
 
+		unsigned long frag_len = frag->msg_header.frag_len;
 		dtls1_hm_fragment_free(frag);
 		pitem_free(item);
 
 		if (al==0)
 			{
 			*ok = 1;
-			return frag->msg_header.frag_len;
+			return frag_len;
 			}
 
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);




More information about the Pkg-openssl-changes mailing list