openssl-1_1/openssl-CVE-2024-4741.patch

42 lines
1.5 KiB
Diff

@@ -, +, @@
---
ssl/record/methods/tls_common.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: openssl-1.1.1w/ssl/record/ssl3_buffer.c
===================================================================
--- openssl-1.1.1w.orig/ssl/record/ssl3_buffer.c 2023-09-11 14:08:11.000000000 +0000
+++ openssl-1.1.1w/ssl/record/ssl3_buffer.c 2024-06-12 07:58:27.817211675 +0000
@@ -179,5 +179,7 @@ int ssl3_release_read_buffer(SSL *s)
b = RECORD_LAYER_get_rbuf(&s->rlayer);
OPENSSL_free(b->buf);
b->buf = NULL;
+ s->rlayer.packet = NULL;
+ s->rlayer.packet_length = 0;
return 1;
}
Index: openssl-1.1.1w/ssl/record/rec_layer_s3.c
===================================================================
--- openssl-1.1.1w.orig/ssl/record/rec_layer_s3.c 2023-09-11 14:08:11.000000000 +0000
+++ openssl-1.1.1w/ssl/record/rec_layer_s3.c 2024-06-12 07:58:27.817211675 +0000
@@ -17,6 +17,7 @@
#include "record_local.h"
#include "../packet_local.h"
#include "internal/cryptlib.h"
+#include "internal/cryptlib.h"
#if defined(OPENSSL_SMALL_FOOTPRINT) || \
!( defined(AESNI_ASM) && ( \
@@ -238,6 +239,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t
s->rlayer.packet_length = 0;
/* ... now we can act as if 'extend' was set */
}
+ if (!ossl_assert(s->rlayer.packet != NULL)) {
+ /* does not happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
len = s->rlayer.packet_length;
pkt = rb->buf + align;