testing/openssl
SHA256
3
0
Fork 0
forked from pool/openssl
Code Pull Requests Activity
0bb9b0ad33
openssl/openssl-buffreelistbug-aka-CVE-2010-5298.patch

14 lines
372 B
Diff
Raw Normal View History

Accepting request 231108 from Base:System - Build everything with full RELRO (-Wl,-z,relro,-z,now) - Remove -fstack-protector from the hardcoded build options it is already in RPM_OPT_FLAGS and is replaced by -fstack-protector-strong with gcc 4.9 - Remove the "gmp" and "capi" shared engines, nobody noticed but they are just dummies that do nothing. - Use enable-rfc3779 to allow projects such as rpki.net to work in openSUSE and match the functionality available in Debian/Fedora/etc - openssl-buffreelistbug-aka-CVE-2010-5298.patch fix CVE-2010-5298 and disable the internal BUF_FREELISTS functionality. it hides bugs like heartbleed and is there only for systems on which malloc() free() are slow. - ensure we export MALLOC_CHECK and PERTURB during the test suite, now that the freelist functionality is disabled it will help to catch bugs before they hit users. - openssl-libssl-noweakciphers.patch do not offer "export" or "low" quality ciphers by default. using such ciphers is not forbidden but requires an explicit request - openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does not return memory of "num * old_num" but only "num" size fortunately this function is currently unused. (forwarded request 230868 from elvigia) OBS-URL: https://build.opensuse.org/request/show/231108 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=114
2014-04-26 17:01:45 +02:00
--- openssl-1.0.1g.orig/ssl/s3_pkt.c
+++ openssl-1.0.1g/ssl/s3_pkt.c
@@ -1055,8 +1055,8 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
- ssl3_release_read_buffer(s);
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
}
}
return(n);
Copy Permalink