authordinoex <dinoex@FreeBSD.org>2008-08-21 00:46:48 +0800
committerdinoex <dinoex@FreeBSD.org>2008-08-21 00:46:48 +0800
commitec2e36dc9973f440197933c0d47e28824571d9ce (patch)
tree51229148ae1985db242330989ecd5be436da2a9c /security/openssl
parent26cf5419cce1e708d37719ac2c1cc914dcc85fb8 (diff)
- Security fix for 0.9.7m
Security: CVE-2007-5135 Security: http://www.openssl.org/news/secadv_20071012.txt Submitted by: Jung-uk Kim
Diffstat (limited to 'security/openssl')
-rw-r--r--security/openssl/Makefile2
-rw-r--r--security/openssl/files/patch-ssl-ssl_lib.c42
2 files changed, 43 insertions, 1 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index cf639513bd2..71ca5d12904 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -8,7 +8,7 @@
PORTNAME= openssl
.if !defined(WITH_OPENSSL_BETA) && ( defined(WITH_OPENSSL_097) || defined(WITH_OPENSSL_STABLE) )
PORTVERSION= 0.9.7m
-PORTREVISION?= 0
+PORTREVISION?= 1
.else
PORTVERSION= 0.9.8h
PORTREVISION?= 1
diff --git a/security/openssl/files/patch-ssl-ssl_lib.c b/security/openssl/files/patch-ssl-ssl_lib.c
new file mode 100644
index 00000000000..826d1c0e9af
--- /dev/null
+++ b/security/openssl/files/patch-ssl-ssl_lib.c
@@ -0,0 +1,42 @@
+--- ssl/ssl_lib.c 2006/09/28 11:53:51 1.110.2.19
++++ ssl/ssl_lib.c 2007/10/04 08:01:21 1.110.2.20
+@@ -1169,7 +1169,6 @@
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ {
+ char *p;
+- const char *cp;
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ int i;
+@@ -1182,20 +1181,21 @@
+ sk=s->session->ciphers;
+ for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ {
+- /* Decrement for either the ':' or a '\0' */
+- len--;
++ int n;
++
+ c=sk_SSL_CIPHER_value(sk,i);
+- for (cp=c->name; *cp; )
++ n=strlen(c->name);
++ if (n+1 > len)
+ {
+- if (len-- <= 0)
+- {
+- *p='\0';
+- return(buf);
+- }
+- else
+- *(p++)= *(cp++);
++ if (p != buf)
++ --p;
++ *p='\0';
++ return buf;
+ }
++ strcpy(p,c->name);
++ p+=n;
+ *(p++)=':';
++ len-=n+1;
+ }
+ p[-1]='\0';
+ return(buf);
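Review bot: The unconditional `p[-1]='\0'` after the loop still writes one byte before `buf` when the loop body never runs, i.e. when `sk_SSL_CIPHER_num(sk)` is 0; this assumes `p` starts at `buf`, which is set above the hunk. The new `n+1 > len` check closes the off-by-one on a full buffer but does not cover this case. Unless the checks before the loop (outside the hunk) already reject an empty cipher stack, the tail should mirror the early-return path: `if (p != buf) --p;` then `*p='\0';`. Separately, `n=strlen(c->name)` narrows `size_t` to `int`, which is harmless for cipher names but deserves a short comment saying so.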