summaryrefslogtreecommitdiffstats
path: root/package/openssl/openssl-CVE-2009-1377.patch
blob: 931370acf494985a93a7cd3ead272fe3e5103fc2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c
--- openssl-0.9.8l/crypto/pqueue/pqueue.c	2005-06-28 09:53:33.000000000 -0300
+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c	2009-11-10 13:19:42.000000000 -0300
@@ -234,3 +234,17 @@
 
 	return ret;
 	}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+	pitem *item = pq->items;
+	int count = 0;
+	
+	while(item != NULL)
+	{
+		count++;
+		item = item->next;
+	}
+	return count;
+}
diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h
--- openssl-0.9.8l/crypto/pqueue/pqueue.h	2005-05-30 19:34:27.000000000 -0300
+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h	2009-11-10 13:19:42.000000000 -0300
@@ -91,5 +91,6 @@
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */
diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c
--- openssl-0.9.8l/ssl/d1_pkt.c	2009-11-05 12:21:28.000000000 -0300
+++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c	2009-11-10 13:19:42.000000000 -0300
@@ -167,6 +167,10 @@
     DTLS1_RECORD_DATA *rdata;
 	pitem *item;
 
+	/* Limit the size of the queue to prevent DOS attacks */
+	if (pqueue_size(queue->q) >= 100)
+		return 0;
+		
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)