Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/common/patches/052-CVE-2016-6302.patch
changeset 6964 c3b11711b2b9
parent 6963 78a1c83a7df1
child 6965 beaa97be01e8 
--- a/components/openssl/common/patches/052-CVE-2016-6302.patch	Fri Sep 23 08:18:05 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-# The patch is based on the following commit from the upstream:
-# https://github.com/openssl/openssl/commit/baaabfd8fdcec04a691695fad9a664bea43202b6
-# The fix is patched until the new version becomes available
-# from the upstream.
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -3401,9 +3401,7 @@
-     HMAC_CTX hctx;
-     EVP_CIPHER_CTX ctx;
-     SSL_CTX *tctx = s->initial_ctx;
--    /* Need at least keyname + iv + some encrypted data */
--    if (eticklen < 48)
--        return 2;
-+
-     /* Initialize session ticket encryption and HMAC contexts */
-     HMAC_CTX_init(&hctx);
-     EVP_CIPHER_CTX_init(&ctx);
-@@ -3437,6 +3435,12 @@
-     if (mlen < 0) {
-         goto err;
-     }
-+    /* Sanity check ticket length: must exceed keyname + IV + HMAC */
-+    if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
-+        HMAC_CTX_cleanup(&hctx);
-+        EVP_CIPHER_CTX_cleanup(&ctx);
-+        return 2;
-+    }
-     eticklen -= mlen;
-     /* Check HMAC of encrypted ticket */
-     if (HMAC_Update(&hctx, etick, eticklen) <= 0
upstream/oracle/userland-gate