Overview

File CVE-2011-3210.patch of Package openssl.import5634

Index: openssl-1.0.0c/ssl/d1_srvr.c
===================================================================
--- openssl-1.0.0c.orig/ssl/d1_srvr.c
+++ openssl-1.0.0c/ssl/d1_srvr.c
@@ -1017,12 +1017,11 @@ int dtls1_send_server_key_exchange(SSL *
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
Index: openssl-1.0.0c/ssl/s3_lib.c
===================================================================
--- openssl-1.0.0c.orig/ssl/s3_lib.c
+++ openssl-1.0.0c/ssl/s3_lib.c
@@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s)
 		}
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
+	{
 		DH_free(s->s3->tmp.dh);
+		s->s3->tmp.dh = NULL;
+	}
 #endif
 #ifndef OPENSSL_NO_ECDH
 	if (s->s3->tmp.ecdh != NULL)
+	{
 		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL;
+	}
 #endif
 
 	rp = s->s3->rbuf.buf;
Index: openssl-1.0.0c/ssl/s3_srvr.c
===================================================================
--- openssl-1.0.0c.orig/ssl/s3_srvr.c
+++ openssl-1.0.0c/ssl/s3_srvr.c
@@ -778,6 +778,13 @@ int ssl3_check_client_hello(SSL *s)
 			s->s3->tmp.dh = NULL;
 			}
 #endif
+#ifndef OPENSSL_NO_ECDH
+		if (s->s3->tmp.ecdh != NULL)
+		{
+			EC_KEY_free(s->s3->tmp.ecdh);
+			s->s3->tmp.ecdh = NULL;
+		}
+#endif
 		return 2;
 		}
 	return 1;
@@ -1491,7 +1498,6 @@ int ssl3_send_server_key_exchange(SSL *s
 
 			if (s->s3->tmp.dh != NULL)
 				{
-				DH_free(dh);
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1552,7 +1558,6 @@ int ssl3_send_server_key_exchange(SSL *s
 
 			if (s->s3->tmp.ecdh != NULL)
 				{
-				EC_KEY_free(s->s3->tmp.ecdh); 
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1563,12 +1568,11 @@ int ssl3_send_server_key_exchange(SSL *s
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -2440,6 +2444,12 @@ int ssl3_get_client_key_exchange(SSL *s)
 			/* Get encoded point length */
 			i = *p; 
 			p += 1;
+			if (n != 1 + i)
+			{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+						ERR_R_EC_LIB);
+				goto err;
+			}
 			if (EC_POINT_oct2point(group, 
 			    clnt_ecpoint, p, i, bn_ctx) == 0)
 				{
openSUSE Build Service is sponsored by
Places