24 lines
761 B
Diff
24 lines
761 B
Diff
Upstream-Status: Backport
|
|
|
|
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837
|
|
|
|
CVE-2014-0198: An attacker can trigger generation of an SSL
|
|
alert which could cause a null pointer dereference.
|
|
|
|
Signed-off-by: Maxin B. John <maxin.john@enea.com>
|
|
---
|
|
diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c
|
|
--- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100
|
|
+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200
|
|
@@ -657,6 +657,10 @@
|
|
if (i <= 0)
|
|
return(i);
|
|
/* if it went, fall through and send more stuff */
|
|
+ /* we may have released our buffer, so get it again */
|
|
+ if (wb->buf == NULL)
|
|
+ if (!ssl3_setup_write_buffer(s))
|
|
+ return -1;
|
|
}
|
|
|
|
if (len == 0 && !create_empty_fragment)
|