blob: 4c51d746ffb2dc4ee9be7141c3ef4b2acaaceaab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Upstream-Status: Backport
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837
CVE-2014-0198: An attacker can trigger generation of an SSL
alert which could cause a null pointer dereference.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
---
diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c
--- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200
@@ -657,6 +657,10 @@
if (i <= 0)
return(i);
/* if it went, fall through and send more stuff */
+ /* we may have released our buffer, so get it again */
+ if (wb->buf == NULL)
+ if (!ssl3_setup_write_buffer(s))
+ return -1;
}
if (len == 0 && !create_empty_fragment)
|
