File CVE-2010-3864.patch of Package compat-openssl098.703

Index: openssl-0.9.8h/ssl/t1_lib.c
===================================================================
--- openssl-0.9.8h.orig/ssl/t1_lib.c
+++ openssl-0.9.8h/ssl/t1_lib.c
@@ -431,14 +431,23 @@ int ssl_parse_clienthello_tlsext(SSL *s,
 				switch (servname_type)
 					{
 				case TLSEXT_NAMETYPE_host_name:
-					if (s->session->tlsext_hostname == NULL)
+					if (!s->hit)
+					{
+						if(s->session->tlsext_hostname)
+						{
+							*al = SSL_AD_DECODE_ERROR;
+							return 0;
+						}
+						if (len > TLSEXT_MAXLEN_host_name)
 						{
-						if (len > TLSEXT_MAXLEN_host_name || 
-							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
-							{
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
-							}
+						}
+						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+						{
+							*al = TLS1_AD_INTERNAL_ERROR;
+							return 0;
+						}
 						memcpy(s->session->tlsext_hostname, sdata, len);
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
@@ -449,9 +458,10 @@ int ssl_parse_clienthello_tlsext(SSL *s,
 						}
 						s->servername_done = 1; 
 
-						}
+					}
 					else 
-						s->servername_done = strlen(s->session->tlsext_hostname) == len 
+						s->servername_done = s->session->tlsext_hostname
+							&& strlen(s->session->tlsext_hostname) == len
 							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
 					
 					break;