Accepting request 63797 from Base:System

Accepted submit request 63797 from user coolo

OBS-URL: https://build.opensuse.org/request/show/63797
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=50

CVE-2011-0014.patch

@@ -0,0 +1,28 @@
+Index: openssl-1.0.0c/ssl/t1_lib.c
+===================================================================
+--- openssl-1.0.0c.orig/ssl/t1_lib.c
++++ openssl-1.0.0c/ssl/t1_lib.c
+@@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ 						}
+ 					n2s(data, idsize);
+ 					dsize -= 2 + idsize;
++					size -= 2 + idsize;
+ 					if (dsize < 0)
+ 						{
+ 						*al = SSL_AD_DECODE_ERROR;
+@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ 					}
+ 
+ 				/* Read in request_extensions */
++				if (size < 2)
++				{
++					*al = SSL_AD_DECODE_ERROR;
++					return 0;
++				}
+ 				n2s(data,dsize);
+ 				size -= 2;
+-				if (dsize > size) 
++				if (dsize != size) 
+ 					{
+ 					*al = SSL_AD_DECODE_ERROR;
+ 					return 0;

openssl.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com
+
+- fix bug [bnc#670526]
+  CVE-2011-0014,OCSP stapling vulnerability
+
 -------------------------------------------------------------------
 Sat Jan 15 19:58:51 UTC 2011 - cristian.rodriguez@opensuse.org
 

openssl.spec

@@ -49,6 +49,7 @@ Patch2:         bug610223.patch
 #Patch5:         CVE-2010-2939.patch
 #Patch6:         CVE-2010-3864.patch
 Patch7:         openssl-1.0.0b-aesni.patch
+Patch8:         CVE-2011-0014.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -183,6 +184,7 @@ Authors:
 #%patch5 -p1
 #%patch6 -p1
 %patch7 -p1
+%patch8 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags