~ubuntu-branches/ubuntu/utopic/openssl/utopic-proposed

Viewing changes to debian/patches/CVE-2014-0224-regression2.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-06-20 13:51:23 UTC
  • Revision ID: package-import@ubuntu.com-20140620135123-55g8bgsjgxr6fuea
Tags: 1.0.1f-1ubuntu6
* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

From 9beb75d3c4ce9a93ba07951e8595c09f07496ba8 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 14 Jun 2014 22:24:08 +0100
Subject: [PATCH] Accept CCS after sending finished.

Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
---
 ssl/s3_clnt.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 167bfc6..2afb892 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -510,6 +510,7 @@ int ssl3_connect(SSL *s)
 
                                s->method->ssl3_enc->client_finished_label,
 
                                s->method->ssl3_enc->client_finished_label_len);
 
                        if (ret <= 0) goto end;
 
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
 
                        s->state=SSL3_ST_CW_FLUSH;
 
 
 
                        /* clear flags */
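Review bot: the added `s->s3->flags |= SSL3_FLAGS_CCS_OK;` after the `if (ret <= 0) goto end;` check has no comment saying why a ChangeCipherSpec may be accepted from this point on, and nothing in the hunk shows where the flag is dropped again. The reasoning exists only in the commit message (keys are already set up once the client Finished has been sent); put it in a comment next to the line, since this flag decides when CCS is accepted and the patch belongs to the CVE-2014-0224 series. Please also confirm that the `/* clear flags */` block that follows does not reset this bit, that the flag is cleared once the server's CCS has been processed, and consider a regression test for the renegotiation failure from PR#3400.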
 
-- 
1.7.9.5