File CVE-2011-4576.patch of Package openssl.444
Index: openssl-1.0.0c/ssl/s3_enc.c =================================================================== --- openssl-1.0.0c.orig/ssl/s3_enc.c +++ openssl-1.0.0c/ssl/s3_enc.c @@ -511,6 +511,9 @@ int ssl3_enc(SSL *s, int send) /* we need to add 'i-1' padding bytes */ l+=i; + /* the last of these zero bytes will be overwritten + * with the padding length. */ + memset(&rec->input[rec->length], 0, i); rec->length+=i; rec->input[l-1]=(i-1); }