Module Name: src
Committed By: snj
Date: Mon Apr 12 00:46:57 UTC 2010
Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: s3_enc.c s3_srvr.c t1_enc.c
Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1365):
crypto/external/bsd/openssl/dist/ssl/s3_enc.c: revision 1.2 via patch
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c: revision 1.5 via patch
crypto/external/bsd/openssl/dist/ssl/t1_enc.c: revision 1.2 via patch
Fix crash in openssl (I suspect caused by malformed packets):
handshake_dgst[] may be used without being allocated, causing NULL
pointer dereference.
Fix by checking that handshake_dgst is not NULL before use.
Reported to openssl as ticket openssl.org #2214.
Fix tested on netbsd-5 by Luke Mewburn with apache, and by me with
freeradius (fixing segmentation fault in both cases).
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.12 -r1.1.1.12.8.1 src/crypto/dist/openssl/ssl/s3_enc.c \
src/crypto/dist/openssl/ssl/t1_enc.c
cvs rdiff -u -r1.15.4.1.2.1 -r1.15.4.1.2.2 \
src/crypto/dist/openssl/ssl/s3_srvr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
