From 6b910f409716ff7aeba2a5234f2741449823d500 Mon Sep 17 00:00:00 2001 From: Bryan Drewery Date: Thu, 5 Jun 2014 17:55:38 +0000 Subject: [PATCH] MFH: r352928 - Security patch Security: CVE-2014-0198 Security: http://seclists.org/oss-sec/2014/q2/232 Security: https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 Obtained from: OpenBSD --- security/openssl/Makefile | 2 +- security/openssl/files/patch-ssl-s3_pkt.c | 31 +++++++++++++++-------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/security/openssl/Makefile b/security/openssl/Makefile index a981a639d475..a4b75c935247 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.1 DISTVERSIONSUFFIX= g -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ diff --git a/security/openssl/files/patch-ssl-s3_pkt.c b/security/openssl/files/patch-ssl-s3_pkt.c index 90d5e2c3b230..4aeee094a5e1 100644 --- a/security/openssl/files/patch-ssl-s3_pkt.c +++ b/security/openssl/files/patch-ssl-s3_pkt.c @@ -1,13 +1,22 @@ -Index: crypto/openssl/ssl/s3_pkt.c -=================================================================== ---- ssl/s3_pkt.c (revision 264309) -+++ ssl/s3_pkt.c (working copy) -@@ -1055,7 +1055,7 @@ start: - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; +--- ssl/s3_pkt.c.orig 2014-03-17 17:14:20.000000000 +0100 ++++ ssl/s3_pkt.c 2014-05-03 18:07:28.000000000 +0200 +@@ -657,6 +657,10 @@ + if (i <= 0) + return(i); + /* if it went, fall through and send more stuff */ ++ /* we may have released our buffer, so get it again */ ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; + } + + if (len == 0 && !create_empty_fragment) +@@ -1055,7 +1059,7 @@ + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) - ssl3_release_read_buffer(s); - } - } + ssl3_release_read_buffer(s); + } + }