Remove the atk*.def file.
[fedora-mingw.git] / openssl / openssl-0.9.8g-cve-2008-1671.patch
1 *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
2 Handshake which could lead to a client crash as found using the
3 Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox]
4 Index: ssl/s3_clnt.c
5 ===================================================================
6 RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
7 retrieving revision 1.88.2.12
8 diff -u -r1.88.2.12 ssl/s3_clnt.c
9 --- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000
10 +++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
11 @@ -2061,6 +2061,13 @@
12                         {
13                         DH *dh_srvr,*dh_clnt;
14  
15 +                        if (s->session->sess_cert == NULL) 
16 +                                {
17 +                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
18 +                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
19 +                                goto err;
20 +                                }
21 +
22                         if (s->session->sess_cert->peer_dh_tmp != NULL)
23                                 dh_srvr=s->session->sess_cert->peer_dh_tmp;
24                         else
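Review bot: The added `s->session->sess_cert == NULL` guard protects only the DH branch shown in this hunk. The enclosing function starts and ends outside the hunk, so it cannot be confirmed here, but any sibling key-exchange branch that also reads `s->session->sess_cert->...` would still dereference NULL when the server omits its Server Key Exchange message. It is worth auditing those branches and placing the same guard in each one that touches `sess_cert`, rather than relying on this single check. A one-line comment above the new `if`, such as `/* sess_cert may be NULL if the server sent no ServerKeyExchange */`, would record why the guard exists. Separately, the patch file is named `...cve-2008-1671.patch` while its description cites CVE-2008-1672; one of the two is presumably a typo and should be reconciled so CVE tracking by filename stays accurate.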