rpms/openssl/F-9 openssl-0.9.8g-cve-2008-0891.patch, NONE, 1.1 openssl-0.9.8g-cve-2008-1671.patch, NONE, 1.1

Tomáš Mráz (tmraz) fedora-extras-commits at redhat.com
Wed May 28 17:46:06 UTC 2008 

Author: tmraz

Update of /cvs/pkgs/rpms/openssl/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31452

Added Files:
	openssl-0.9.8g-cve-2008-0891.patch 
	openssl-0.9.8g-cve-2008-1671.patch 
Log Message:
* Wed May 28 2008 Tomas Mraz <tmraz at redhat.com> 0.9.8g-9
- fix CVE-2008-0891 - server name extension crash (#448492)
- fix CVE-2008-1672 - server key exchange message omit crash (#448495)


openssl-0.9.8g-cve-2008-0891.patch:

--- NEW FILE openssl-0.9.8g-cve-2008-0891.patch ---
*) Fix double free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton]
Index: ssl/t1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.13.2.8
diff -u -r1.13.2.8 ssl/t1_lib.c
--- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000
+++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000
@@ -381,6 +381,7 @@
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
 							OPENSSL_free(s->session->tlsext_hostname);
+							s->session->tlsext_hostname = NULL;
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 						}

openssl-0.9.8g-cve-2008-1671.patch:

--- NEW FILE openssl-0.9.8g-cve-2008-1671.patch ---
*) Fix flaw if 'Server Key exchange message' is omitted from a TLS
Handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox]
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.12
diff -u -r1.88.2.12 ssl/s3_clnt.c
--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000
+++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
@@ -2061,6 +2061,13 @@
 			{
 			DH *dh_srvr,*dh_clnt;
 
+                        if (s->session->sess_cert == NULL) 
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+                                goto err;
+                                }
+
 			if (s->session->sess_cert->peer_dh_tmp != NULL)
 				dh_srvr=s->session->sess_cert->peer_dh_tmp;
 			else

More information about the fedora-extras-commits mailing list