Module Name: src Committed By: bouyer Date: Sun Mar 28 11:32:29 UTC 2010
Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_pkt.c Log Message: Apply patchset 19476 from openssl repository, fixing CVE-2010-0740. from http://www.openssl.org/news/secadv_20100324.txt: "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL". To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.7
--- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.6 Sun Jan 10 16:39:10 2010
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Sun Mar 28 11:32:29 2010
@@ -337,9 +337,9 @@
 if (version != s->version)
 {
 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
+ if ((s->version & 0xFF00) == (version & 0xFF00))
+ /* Send back error using their minor version number :-) */
+ s->version = (unsigned short)version;
 al=SSL_AD_PROTOCOL_VERSION;
 goto f_err;
 }
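Review bot: The added `if ((s->version & 0xFF00) == (version & 0xFF00))` guards a single unbraced statement, with a comment sitting between the condition and that statement. A line inserted there later would silently fall outside the check this security fix depends on, so I would wrap the assignment in braces in the file's brace style. The `0xFF00` mask also needs a why-comment, because the new comment says what is sent back but not why a differing major version must be refused. Something like `/* Keep our own major version: the alert below is sent using s->version, and adopting a peer-supplied major version here is what CVE-2010-0740 fixes. */` would do; that wording is inferred from the log message and should be checked against the advisory. The enclosing function, presumably ssl3_get_record, starts and ends outside the hunk.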