File polarssl-CVE-2015-5291.patch of Package polarssl.openSUSE_13.2_Update

Overview Repositories Revisions Requests Users Attributes Meta

File polarssl-CVE-2015-5291.patch of Package polarssl.openSUSE_13.2_Update

From: Simon Butcher <simon.butcher@arm.com>
Date: Tue, 29 Sep 2015 23:27:20 +0100
Subject: CVE-2015-5291: Added max length checking of hostname

(cherry picked from commit c988f32adde62a169ba340fee0da15aecd40e76e)
---
 include/polarssl/ssl.h | 2 ++
 library/ssl_tls.c      | 3 +++
 2 files changed, 5 insertions(+)

Index: include/polarssl/ssl.h
===================================================================
--- include/polarssl/ssl.h.orig
+++ include/polarssl/ssl.h
@@ -194,6 +194,8 @@
 #endif /* POLARSSL_SSL_PROTO_TLS1_1 */
 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
 
+#define SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
+
 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
  * NONE must be zero so that memset()ing structure to zero works */
 #define SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
Index: library/ssl_tls.c
===================================================================
--- library/ssl_tls.c.orig
+++ library/ssl_tls.c
@@ -3903,6 +3903,9 @@ int ssl_set_hostname( ssl_context *ssl,
     if( ssl->hostname_len + 1 == 0 )
         return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
+    if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
     ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 );
 
     if( ssl->hostname == NULL )

Places

File polarssl-CVE-2015-5291.patch of Package polarssl.openSUSE_13.2_Update

Places