Apply by doing:
cd /usr/src
patch -p0 < 004_openssl.patch
And then rebuild and install the library and statically-linked binaries
that depend upon it:
cd lib/libssl
make obj
make depend
make includes
make
make install
cd ../../sbin
make obj
make depend
make
make install
Index: lib/libssl/src/ssl/t1_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.5
diff -p -u -r1.5 t1_lib.c
--- lib/libssl/src/ssl/t1_lib.c 5 Jan 2009 21:36:39 -0000 1.5
+++ lib/libssl/src/ssl/t1_lib.c 16 Nov 2010 18:28:20 -0000
@@ -369,14 +369,23 @@ int ssl_parse_clienthello_tlsext(SSL *s,
switch (servname_type)
{
case TLSEXT_NAMETYPE_host_name:
- if (s->session->tlsext_hostname == NULL)
+ if (!s->hit)
{
- if (len > TLSEXT_MAXLEN_host_name ||
- ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+ if(s->session->tlsext_hostname)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (len > TLSEXT_MAXLEN_host_name)
{
*al = TLS1_AD_UNRECOGNIZED_NAME;
return 0;
}
+ if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+ {
+ *al = TLS1_AD_INTERNAL_ERROR;
+ return 0;
+ }
memcpy(s->session->tlsext_hostname, sdata, len);
s->session->tlsext_hostname[len]='\0';
if (strlen(s->session->tlsext_hostname) != len) {
@@ -389,7 +398,8 @@ int ssl_parse_clienthello_tlsext(SSL *s,
}
else
- s->servername_done = strlen(s->session->tlsext_hostname) == len
+ s->servername_done = s->session->tlsext_hostname
+ && strlen(s->session->tlsext_hostname) == len
&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
break;
