Apply by doing:
cd /usr/src
patch -p0 < 008_openssl.patch
And then rebuild and install the library and statically-linked binaries
that depend upon it:
cd lib/libssl
make obj
make depend
make includes
make
make install
cd ../../sbin
make obj
make depend
make
make install
Index: lib/libssl/src/ssl/t1_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.5.8.1
diff -u -r1.5.8.1 t1_lib.c
--- lib/libssl/src/ssl/t1_lib.c 17 Nov 2010 19:12:56 -0000 1.5.8.1
+++ lib/libssl/src/ssl/t1_lib.c 11 Feb 2011 03:23:54 -0000
@@ -452,6 +452,7 @@
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -490,9 +491,14 @@
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
