#! /bin/sh /usr/share/dpatch/dpatch-run
## 92_CVE-2008-1531.dpatch by Emanuele Gentili <emgent@emanuele-gentili.com>
## All lines beginning with `## DP:' are a description of the patch.
8
diff -urNad lighttpd-1.4.19~/src/connections.c lighttpd-1.4.19/src/connections.c
9
--- lighttpd-1.4.19~/src/connections.c 2008-02-28 00:41:35.000000000 +0100
10
+++ lighttpd-1.4.19/src/connections.c 2008-04-06 00:07:21.000000000 +0200
13
/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
17
if (!con->ssl_error_want_reuse_buffer) {
19
@@ -1668,21 +1669,52 @@
22
if (srv_sock->is_ssl) {
27
switch ((ret = SSL_shutdown(con->ssl))) {
32
- SSL_shutdown(con->ssl);
35
+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
39
- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
40
- SSL_get_error(con->ssl, ret),
41
- ERR_error_string(ERR_get_error(), NULL));
44
+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
45
+ case SSL_ERROR_WANT_WRITE:
46
+ case SSL_ERROR_WANT_READ:
48
+ case SSL_ERROR_SYSCALL:
49
+ /* perhaps we have error waiting in our error-queue */
50
+ if (0 != (err = ERR_get_error())) {
52
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
54
+ ERR_error_string(err, NULL));
55
+ } while((err = ERR_get_error()));
57
+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
64
+ while((err = ERR_get_error())) {
65
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
67
+ ERR_error_string(err, NULL));
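Review bot: The OpenSSL error queue is drained only after `SSL_shutdown` has already failed (the `ERR_get_error()` loops under `SSL_ERROR_SYSCALL` and the later `while((err = ERR_get_error()))`), and the lines shown here have no `ERR_clear_error();` ahead of `switch ((ret = SSL_shutdown(con->ssl)))` or the retry `if (-1 != (ret = SSL_shutdown(con->ssl))) break;`. `SSL_get_error()` consults the calling thread's error queue, so an entry left behind while serving a different connection can still make this connection's result be classified as a hard failure; clearing the queue immediately before each SSL I/O call closes that gap no matter which code path forgot to drain it. The same applies to the two `SSL_write` calls in src/network_openssl.c, unless the lines not shown there already do it. Parts of this hunk and the enclosing function are not visible on this page, so this should be confirmed against the full patch.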
79
diff -urNad lighttpd-1.4.19~/src/network_openssl.c lighttpd-1.4.19/src/network_openssl.c
80
--- lighttpd-1.4.19~/src/network_openssl.c 2008-02-26 17:20:26.000000000 +0100
81
+++ lighttpd-1.4.19/src/network_openssl.c 2008-04-06 00:02:26.000000000 +0200
87
if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
95
if ((r = SSL_write(ssl, s, toSend)) <= 0) {