authorJacques Vidrine <nectar@FreeBSD.org>2004-03-17 12:18:23 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2004-03-17 12:18:23 +0000
commitbdc9df456b5149782731e3630aa369fa0b678723 (patch)
treed7eb665ad08340709c994abae2e603dd5eb775f1
parent1540e0028186a7a1040eb9936cad01b035ca7f91 (diff)
MFC s3_pkt.c 1.1.1.9:
Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
Notes
Notes: svn path=/releng/4.9/; revision=127117
-rw-r--r--UPDATING3
-rw-r--r--crypto/openssl/crypto/opensslv.h2
-rw-r--r--crypto/openssl/ssl/s3_pkt.c8
-rw-r--r--sys/conf/newvers.sh2
4 files changed, 13 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index ea979b1f074d..918708cd3e3c 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20040317: p4 FreeBSD-SA-04:05.openssl
+ Correct a denial-of-service vulnerability in OpenSSL.
+
20040302: p3 FreeBSD-SA-04:04.tcp
Limit TCP segment reassembly queue size.
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index e226d9de7969..8e49adb64d09 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -26,7 +26,7 @@
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x0090703fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c-p1 30 Sep 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index 3f88429e79a6..9f3e5139ad97 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
goto err;
}
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
rr->length=0;
if (s->msg_callback)
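Review bot: The `SSLerr` call in the added NULL-cipher check records the error under `SSL_F_SSL3_GET_CERT_VERIFY`, although this code is in s3_pkt.c on the record-reading path (the enclosing function starts outside the hunk, presumably ssl3_read_bytes), so the error queue would attribute an early ChangeCipherSpec to the certificate-verify handler. That error entry is what an operator sees when triaging a handshake that trips this check, so I would use `SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);` instead. Separately, `i=SSL_AD_UNEXPECTED_MESSAGE;` followed by `goto err` only has an effect if the `err` label sends the alert held in `i`. That label is not visible here, so please confirm the peer actually receives the alert rather than the call just returning an error.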
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index d314bc0a1b46..0497ccc6fcee 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p3"
+BRANCH="RELEASE-p4"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"