diff options
Diffstat (limited to 'main/openssl/CVE-2014-0198.patch')
-rw-r--r-- | main/openssl/CVE-2014-0198.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/main/openssl/CVE-2014-0198.patch b/main/openssl/CVE-2014-0198.patch new file mode 100644 index 0000000000..c473719551 --- /dev/null +++ b/main/openssl/CVE-2014-0198.patch @@ -0,0 +1,37 @@ +From b107586c0c3447ea22dba8698ebbcd81bb29d48c Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Mon, 12 May 2014 00:38:37 +0100 +Subject: [PATCH] Fixed NULL pointer dereference. See PR#3321 + +--- + ssl/s3_pkt.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c +index 40eb0dd..d961d12 100644 +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + SSL3_BUFFER *wb=&(s->s3->wbuf); + SSL_SESSION *sess; + +- if (wb->buf == NULL) +- if (!ssl3_setup_write_buffer(s)) +- return -1; + + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ +@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + /* if it went, fall through and send more stuff */ + } + ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; ++ + if (len == 0 && !create_empty_fragment) + return 0; + +-- +1.7.9.5 + |