package/openssl/patches/900-CVE-2009-1387.patch

   1 http://bugs.gentoo.org/270305
   2
   3 fix from upstream
   4
   5 --- a/ssl/d1_both.c
   6 +++ b/ssl/d1_both.c
   7 @@ -585,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s,
   8                         }
   9                 }
  10
  11 -       frag = dtls1_hm_fragment_new(frag_len);
  12 -       if ( frag == NULL)
  13 -               goto err;
  14 +       if (frag_len)
  15 +       {
  16 +               frag = dtls1_hm_fragment_new(frag_len);
  17 +               if ( frag == NULL)
  18 +                       goto err;
  19
  20 -       memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
  21 +               memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
  22
  23 -       if (frag_len)
  24 -               {
  25 -               /* read the body of the fragment (header has already been read */
  26 +               /* read the body of the fragment (header has already been read) */
  27                 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
  28                         frag->fragment,frag_len,0);
  29                 if (i<=0 || (unsigned long)i!=frag_len)
  30                         goto err;
  31 -               }
  32
  33 -       pq_64bit_init(&seq64);
  34 -       pq_64bit_assign_word(&seq64, msg_hdr->seq);
  35 +               pq_64bit_init(&seq64);
  36 +               pq_64bit_assign_word(&seq64, msg_hdr->seq);
  37
  38 -       item = pitem_new(seq64, frag);
  39 -       pq_64bit_free(&seq64);
  40 -       if ( item == NULL)
  41 -               goto err;
  42 +               item = pitem_new(seq64, frag);
  43 +               pq_64bit_free(&seq64);
  44 +               if ( item == NULL)
  45 +                       goto err;
  46 +
  47 +               pqueue_insert(s->d1->buffered_messages, item);
  48 +       }
  49
  50 -       pqueue_insert(s->d1->buffered_messages, item);
  51         return DTLS1_HM_FRAGMENT_RETRY;
  52
  53  err: