From 4456c9ec91d13627b3900075f8ac84ce97551679 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 21 May 2014 07:30:04 +0000
Subject: main/openssl: fix for CVE-2010-5298

fixes #2898
---
 main/openssl/CVE-2010-5298.patch | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 main/openssl/CVE-2010-5298.patch

(limited to 'main/openssl/CVE-2010-5298.patch')

diff --git a/main/openssl/CVE-2010-5298.patch b/main/openssl/CVE-2010-5298.patch
new file mode 100644
index 0000000000..4734c75092
--- /dev/null
+++ b/main/openssl/CVE-2010-5298.patch
@@ -0,0 +1,13 @@
+http://rt.openssl.org/Ticket/Attachment/37748/20587/
+
+--- openssl-1.0.1g/ssl/s3_pkt.c.orig	2014-04-11 08:10:03.115295077 -0300
++++ openssl-1.0.1g/ssl/s3_pkt.c	2014-04-11 08:10:38.788435152 -0300
+@@ -1055,7 +1055,7 @@
+ 				{
+ 				s->rstate=SSL_ST_READ_HEADER;
+ 				rr->off=0;
+-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ 					ssl3_release_read_buffer(s);
+ 				}
+ 			}
-- 
cgit v1.2.3