openwrtv4/package/openssl/patches/900-CVE-2009-1377.patch

45 lines
1,002 B
Diff
Raw Normal View History

http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
--- a/crypto/pqueue/pqueue.c
+++ b/crypto/pqueue/pqueue.c
@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
return ret;
}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+ int count = 0;
+
+ while(item != NULL)
+ {
+ count++;
+ item = item->next;
+ }
+ return count;
+}
--- a/crypto/pqueue/pqueue.h
+++ b/crypto/pqueue/pqueue.h
@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
+int pqueue_size(pqueue pq);
#endif /* ! HEADER_PQUEUE_H */
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
DTLS1_RECORD_DATA *rdata;
pitem *item;
+ /* Limit the size of the queue to prevent DOS attacks */
+ if (pqueue_size(queue->q) >= 100)
+ return 0;
+
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)