forked from pool/openssl-1_1
Pedro Monreal Gonzalez
18ecb7a582
- Security fix: [bsc#1227138, CVE-2024-5535] * SSL_select_next_proto buffer overread * Add openssl-CVE-2024-5535.patch - Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free security vulnerability. Calling the function SSL_free_buffers() potentially caused memory to be accessed that was previously freed in some situations and a malicious attacker could attempt to engineer a stituation where this occurs to facilitate a denial-of-service attack. [CVE-2024-4741, bsc#1225551] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=164
13 lines
545 B
Diff
13 lines
545 B
Diff
Index: openssl-1.1.1d/crypto/o_init.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/o_init.c 2020-01-23 13:45:11.556634952 +0100
|
|
+++ openssl-1.1.1d/crypto/o_init.c 2020-01-23 13:45:11.572635047 +0100
|
|
@@ -49,6 +49,7 @@ static void init_fips_mode(void)
|
|
NONFIPS_selftest_check();
|
|
/* drop down to non-FIPS mode if it is not requested */
|
|
FIPS_mode_set(0);
|
|
+ ERR_clear_error();
|
|
} else {
|
|
/* abort if selftest failed */
|
|
FIPS_selftest_check();
|