[package] openssl: add patch for CVE-2010-0740 ("Record of death") vulnerability
diff --git a/package/openssl/patches/400-cve-2010-0740.patch b/package/openssl/patches/400-cve-2010-0740.patch
new file mode 100644 (file)
index 0000000..4c893eb
--- /dev/null
@@ -0,0 +1,15 @@
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -291,9 +291,9 @@ again:
+                       if (version != s->version)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+-                              /* Send back error using their
+-                               * version number :-) */
+-                              s->version=version;
++                                if ((s->version & 0xFF00) == (version & 0xFF00))
++                                      /* Send back error using their minor version number :-) */
++                                      s->version = (unsigned short)version;
+                               al=SSL_AD_PROTOCOL_VERSION;
+                               goto f_err;
+                               }
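Review bot: The new patch file carries no header, so nothing in the tree records where the s3_pkt.c hunk comes from or what it guards against, which makes it hard to verify against upstream when the package is next bumped. A two-line description above the inner `--- a/ssl/s3_pkt.c` would do, e.g. `Backport of the upstream OpenSSL fix for CVE-2010-0740 ("Record of death"): only adopt the peer's record version for the alert when its major byte matches ours, instead of unconditionally assigning s->version.` It is also worth stating the behavioural consequence the hunk implies: when the major byte differs, `s->version` is left unchanged and the protocol-version alert goes out with the local version rather than the peer's. The enclosing function of the inner hunk begins and ends outside the quoted lines, so the later use of `al` at `f_err` is not visible here.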