package/openssl/openssl-CVE-2009-1377.patch - buildroot - Git at Google

 diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c
 --- openssl-0.9.8l/crypto/pqueue/pqueue.c	2005-06-28 09:53:33.000000000 -0300
 +++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c	2009-11-10 13:19:42.000000000 -0300
 @@ -234,3 +234,17 @@

  	return ret;
  	}
 +
 +int
 +pqueue_size(pqueue_s *pq)
 +{
 +	pitem *item = pq->items;
 +	int count = 0;
 +
 +	while(item != NULL)
 +	{
 +		count++;
 +		item = item->next;
 +	}
 +	return count;
 +}
 diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h
 --- openssl-0.9.8l/crypto/pqueue/pqueue.h	2005-05-30 19:34:27.000000000 -0300
 +++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h	2009-11-10 13:19:42.000000000 -0300
 @@ -91,5 +91,6 @@
  pitem *pqueue_next(piterator *iter);

  void   pqueue_print(pqueue pq);
 +int    pqueue_size(pqueue pq);

  #endif /* ! HEADER_PQUEUE_H */
 diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c
 --- openssl-0.9.8l/ssl/d1_pkt.c	2009-11-05 12:21:28.000000000 -0300
 +++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c	2009-11-10 13:19:42.000000000 -0300
 @@ -167,6 +167,10 @@
      DTLS1_RECORD_DATA *rdata;
  	pitem *item;

 +	/* Limit the size of the queue to prevent DOS attacks */
 +	if (pqueue_size(queue->q) >= 100)
 +		return 0;
 +
  	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
  	item = pitem_new(priority, rdata);
  	if (rdata == NULL || item == NULL)
	diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c
	--- openssl-0.9.8l/crypto/pqueue/pqueue.c 2005-06-28 09:53:33.000000000 -0300
	+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c 2009-11-10 13:19:42.000000000 -0300
	@@ -234,3 +234,17 @@

	return ret;
	}
	+
	+int
	+pqueue_size(pqueue_s *pq)
	+{
	+ pitem *item = pq->items;
	+ int count = 0;
	+
	+ while(item != NULL)
	+ {
	+ count++;
	+ item = item->next;
	+ }
	+ return count;
	+}
	diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h
	--- openssl-0.9.8l/crypto/pqueue/pqueue.h 2005-05-30 19:34:27.000000000 -0300
	+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h 2009-11-10 13:19:42.000000000 -0300
	@@ -91,5 +91,6 @@
	pitem pqueue_next(piterator iter);

	void pqueue_print(pqueue pq);
	+int pqueue_size(pqueue pq);

	#endif /* ! HEADER_PQUEUE_H */
	diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c
	--- openssl-0.9.8l/ssl/d1_pkt.c 2009-11-05 12:21:28.000000000 -0300
	+++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c 2009-11-10 13:19:42.000000000 -0300
	@@ -167,6 +167,10 @@
	DTLS1_RECORD_DATA *rdata;
	pitem *item;

	+ /* Limit the size of the queue to prevent DOS attacks */
	+ if (pqueue_size(queue->q) >= 100)
	+ return 0;
	+
	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
	item = pitem_new(priority, rdata);
	if (rdata == NULL \|\| item == NULL)