File openssl-CVE-2014-3571.patch of Package compat-openssl098.1339

commit 50befdb659585b9840264c77708d2dc638624137
Author: Matt Caswell <matt@openssl.org>
Date:   Sat Jan 3 00:54:35 2015 +0000

    Follow on from CVE-2014-3571. This fixes the code that was the original source
    of the crash due to p being NULL. Steve's fix prevents this situation from
    occuring - however this is by no means obvious by looking at the code for
    dtls1_get_record. This fix just makes things look a bit more sane.
    
    Conflicts:
    	ssl/d1_pkt.c
    
    Reviewed-by: Dr Stephen Henson <steve@openssl.org>

commit 46bf0ba87665c5aa215673d87e9ee7dd4ce28359
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Sat Jan 3 00:45:13 2015 +0000

    Fix crash in dtls1_get_record whilst in the listen state where you get two
    separate reads performed - one for the header and one for the body of the
    handshake record.
    
    CVE-2014-3571
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    
    Conflicts:
    	ssl/s3_pkt.c

commit 3b95629db1e4ceeab89f3d82af787a6c8dda56fa
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Tue Sep 15 23:11:22 2009 +0000

    PR: 2039
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Approved by: steve@openssl.org
    
    DTLS listen bug fix,


Index: openssl-0.9.8j/ssl/d1_pkt.c
===================================================================
--- openssl-0.9.8j.orig/ssl/d1_pkt.c	2015-01-09 15:16:43.893430926 +0100
+++ openssl-0.9.8j/ssl/d1_pkt.c	2015-01-09 15:58:06.699015593 +0100
@@ -603,8 +603,6 @@ again:
 		/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
 		i=rr->length;
 		n=ssl3_read_n(s,i,i,1);
-		if (n <= 0) return(n); /* error or non-blocking io */
-
 		/* this packet contained a partial record, dump it */
 		if ( n != i)
 			{
Index: openssl-0.9.8j/ssl/s3_pkt.c
===================================================================
--- openssl-0.9.8j.orig/ssl/s3_pkt.c	2015-01-09 15:16:43.893430926 +0100
+++ openssl-0.9.8j/ssl/s3_pkt.c	2015-01-09 15:16:45.155445816 +0100
@@ -145,6 +145,8 @@ int ssl3_read_n(SSL *s, int n, int max,
 	if ( SSL_version(s) == DTLS1_VERSION &&
 		extend)
 		{
+		if (s->s3->rbuf.left == 0 && extend)
+			return 0;
 		if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
 			n = s->s3->rbuf.left;
 		}