[Pkg-openssl-changes] r665 - in openssl/branches/wheezy/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Mon May 12 21:25:59 UTC 2014
Author: kroeckx
Date: 2014-05-12 21:25:58 +0000 (Mon, 12 May 2014)
New Revision: 665
Added:
openssl/branches/wheezy/debian/patches/CVE-2014-0198.patch
Modified:
openssl/branches/wheezy/debian/changelog
openssl/branches/wheezy/debian/patches/series
Log:
Fix CVE-2014-0198 (Closes: #747432)
Modified: openssl/branches/wheezy/debian/changelog
===================================================================
--- openssl/branches/wheezy/debian/changelog 2014-05-12 21:25:02 UTC (rev 664)
+++ openssl/branches/wheezy/debian/changelog 2014-05-12 21:25:58 UTC (rev 665)
@@ -1,3 +1,9 @@
+openssl (1.0.1e-2+deb7u9) wheezy-security; urgency=medium
+
+ * Fix CVE-2014-0198 (Closes: #747432)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 12 May 2014 22:10:41 +0200
+
openssl (1.0.1e-2+deb7u8) wheezy; urgency=medium
* Don't prefer ECDHE_ECDSA with some Safari versions
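Review bot: The new changelog entry at the top says only "Fix CVE-2014-0198" and gives no indication of what the issue is. The patch added in this revision is titled "Fixed NULL pointer dereference" and touches do_ssl3_write, so an entry along the lines of "Fix CVE-2014-0198: NULL pointer dereference in do_ssl3_write (Closes: #747432)" would let someone reading the changelog alone judge the impact without opening the patch.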
Added: openssl/branches/wheezy/debian/patches/CVE-2014-0198.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2014-0198.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2014-0198.patch 2014-05-12 21:25:58 UTC (rev 665)
@@ -0,0 +1,37 @@
+From b107586c0c3447ea22dba8698ebbcd81bb29d48c Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Mon, 12 May 2014 00:38:37 +0100
+Subject: [PATCH] Fixed NULL pointer dereference. See PR#3321
+
+---
+ ssl/s3_pkt.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ SSL3_BUFFER *wb=&(s->s3->wbuf);
+ SSL_SESSION *sess;
+
+- if (wb->buf == NULL)
+- if (!ssl3_setup_write_buffer(s))
+- return -1;
+
+ /* first check if there is a SSL3_BUFFER still being written
+ * out. This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ /* if it went, fall through and send more stuff */
+ }
+
++ if (wb->buf == NULL)
++ if (!ssl3_setup_write_buffer(s))
++ return -1;
++
+ if (len == 0 && !create_empty_fragment)
+ return 0;
+
+--
+2.0.0.rc0
+
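Review bot: The relocated check in the second s3_pkt.c hunk, "if (wb->buf == NULL)", now sits after the block ending "fall through and send more stuff" with no comment explaining why it has to be there, and the patch header offers only "See PR#3321" without mentioning CVE-2014-0198. A short comment above the check saying that the write buffer must be tested at this point rather than at function entry, plus the CVE id in the header, would keep a later cleanup from hoisting it back to the top of do_ssl3_write and reintroducing the NULL dereference. Two smaller points: the nested unbraced "if" pair would be safer with braces, and the first hunk leaves two consecutive blank lines after "SSL_SESSION *sess;".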
Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series 2014-05-12 21:25:02 UTC (rev 664)
+++ openssl/branches/wheezy/debian/patches/series 2014-05-12 21:25:58 UTC (rev 665)
@@ -47,3 +47,4 @@
CVE-2014-XXXX-Extension-checking-fixes.patch
CVE-2014-0076.patch
ECDHE-ECDSA_Safari.patch
+CVE-2014-0198.patch