aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/openssl-CVE-2010-5298.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/openssl-CVE-2010-5298.patch')
-rw-r--r--gnu/packages/patches/openssl-CVE-2010-5298.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/gnu/packages/patches/openssl-CVE-2010-5298.patch b/gnu/packages/patches/openssl-CVE-2010-5298.patch
new file mode 100644
index 0000000000..707a24dff0
--- /dev/null
+++ b/gnu/packages/patches/openssl-CVE-2010-5298.patch
@@ -0,0 +1,27 @@
+From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Sun, 13 Apr 2014 15:05:30 +0200
+Subject: [PATCH] Don't release the buffer when there still is data in it
+
+RT: 2167, 3265
+---
+ ssl/s3_pkt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index b9e45c7..32e9207 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+ {
+ s->rstate=SSL_ST_READ_HEADER;
+ rr->off=0;
+- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
++ s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
+ }
+ }
+--
+1.9.1
+