~ubuntu-branches/ubuntu/lucid/openssl/lucid-security


Viewing changes to debian/patches/CVE-2014-0224-regression2.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-06-20 13:59:20 UTC
  • Revision ID: package-import@ubuntu.com-20140620135920-njqxz2sd1or0i23e
Tags: 0.9.8k-7ubuntu8.19
* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

From 70d923fb0359ed68e59b8c59d1687ebff6f8d952 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 14 Jun 2014 22:24:08 +0100
Subject: [PATCH] Accept CCS after sending finished.
 
Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.
 
PR#3400
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
---
 ssl/s3_clnt.c |    1 +
 1 file changed, 1 insertion(+)
 
Index: openssl-0.9.8k/ssl/s3_clnt.c
===================================================================
--- openssl-0.9.8k.orig/ssl/s3_clnt.c   2014-06-20 13:58:38.875773758 -0400
+++ openssl-0.9.8k/ssl/s3_clnt.c        2014-06-20 13:58:38.859773758 -0400
@@ -435,6 +435,7 @@
                                s->method->ssl3_enc->client_finished_label,
                                s->method->ssl3_enc->client_finished_label_len);
                        if (ret <= 0) goto end;
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        s->state=SSL3_ST_CW_FLUSH;
 
                        /* clear flags */
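
Review bot: The added `s->s3->flags |= SSL3_FLAGS_CCS_OK;` after the `if (ret <= 0) goto end;` check has no comment, so the reason a CCS may be accepted from this point on (keys are already set up once the client Finished has been sent, per the commit message) is recorded only in the patch header and not next to the code. A one-line comment there would help, given that this patch belongs to the CVE-2014-0224 series and the flag decides when a ChangeCipherSpec is allowed. The hunk shows only where the flag is set: the trailing context opens a `/* clear flags */` block whose body is not visible, so please confirm that it does not reset `s->s3->flags` before the server's CCS arrives, and that the flag is cleared again once that CCS has been processed, so the acceptance window does not stay open for the rest of the connection.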