Overview

File CVE-2015-8036-Reordered-extension-fields-and-added-to-Cha.patch of Package polarssl.5404

From: Simon Butcher <simon.butcher@arm.com>
Date: Thu, 1 Oct 2015 01:17:10 +0100
Subject: CVE-2015-8036: Reordered extension fields and added to ChangeLog

Reordered the transmission sequence of TLS extension fields in client hello
and added to ChangeLog.

(cherry picked from commit 643a922c56b77235e88f106fb1b41c1a764cea5f)
---
 library/ssl_cli.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Index: library/ssl_cli.c
===================================================================
--- library/ssl_cli.c.orig
+++ library/ssl_cli.c
@@ -78,7 +78,7 @@ static void ssl_write_hostname_ext( ssl_
     SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
                    ssl->hostname ) );
 
-    if( (size_t)(end - p) < ssl->hostname_len + 9 )
+    if( end < p || (size_t)( end - p ) < ssl->hostname_len + 9 )
     {
          SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
          return;
@@ -766,13 +766,13 @@ static int ssl_write_client_hello( ssl_c
     ext_len += olen;
 #endif
 
-#if defined(POLARSSL_SSL_SESSION_TICKETS)
-    ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+#if defined(POLARSSL_SSL_ALPN)
+    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
     ext_len += olen;
 #endif
 
-#if defined(POLARSSL_SSL_ALPN)
-    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+    ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
     ext_len += olen;
 #endif
openSUSE Build Service is sponsored by
Places