| diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c |
| --- openssl-0.9.8l/crypto/pqueue/pqueue.c 2005-06-28 09:53:33.000000000 -0300 |
| +++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c 2009-11-10 13:19:42.000000000 -0300 |
| +pqueue_size(pqueue_s *pq) |
| + pitem *item = pq->items; |
| diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h |
| --- openssl-0.9.8l/crypto/pqueue/pqueue.h 2005-05-30 19:34:27.000000000 -0300 |
| +++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h 2009-11-10 13:19:42.000000000 -0300 |
| pitem *pqueue_next(piterator *iter); |
| void pqueue_print(pqueue pq); |
| +int pqueue_size(pqueue pq); |
| #endif /* ! HEADER_PQUEUE_H */ |
| diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c |
| --- openssl-0.9.8l/ssl/d1_pkt.c 2009-11-05 12:21:28.000000000 -0300 |
| +++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c 2009-11-10 13:19:42.000000000 -0300 |
| DTLS1_RECORD_DATA *rdata; |
| + /* Limit the size of the queue to prevent DOS attacks */ |
| + if (pqueue_size(queue->q) >= 100) |
| rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); |
| item = pitem_new(priority, rdata); |
| if (rdata == NULL || item == NULL) |