author | simon <simon@FreeBSD.org> | 2010-04-01 15:19:51 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2010-04-01 15:19:51 +0000 |
commit | 2176e0cd52d68263d3d2ff39461442b734360fe1 (patch) | |
tree | 9b9ed316e70ff8c7ea71526ab69ab131960e8b72 /crypto/openssl/ssl | |
parent | 348853b7ae1be0b9abbde8c1b0ad8dcb786a2cb7 (diff) | |
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740
Security: http://www.openssl.org/news/secadv_20100324.txt
Diffstat (limited to 'crypto/openssl/ssl')
-rw-r--r-- | crypto/openssl/ssl/kssl.c | 3 | ||||
-rw-r--r-- | crypto/openssl/ssl/s3_pkt.c | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/crypto/openssl/ssl/kssl.c b/crypto/openssl/ssl/kssl.c
index 73401c9..5cba28b 100644
--- a/crypto/openssl/ssl/kssl.c
+++ b/crypto/openssl/ssl/kssl.c
@@ -1802,6 +1802,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
 kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC, KRB5_NT_SRV_HST, &princ);
+ if (krb5rc)
+ goto exit;
+
 krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, 0 /* IGNORE_VNO */,
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index a2ba574..5e3583c 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -291,9 +291,9 @@ again:
 if (version != s->version)
 {
 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
+ if ((s->version & 0xFF00) == (version & 0xFF00))
+ /* Send back error using their minor version number :-) */
+ s->version = (unsigned short)version;
 al=SSL_AD_PROTOCOL_VERSION;
 goto f_err;
 }
|
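Review bot: The added `if (krb5rc) goto exit;` in the kssl.c hunk carries no comment saying what it protects, and the reason is easy to lose in a later cleanup: without it, `princ` is handed to krb5_kt_get_entry() even when the preceding call that fills `&princ` reported failure (its name is above the hunk, presumably krb5_sname_to_principal). A one-line comment such as `/* princ is not valid if the principal lookup failed; do not use it below */` would record that. The `exit` label and the start of the function are outside the hunk, so it is worth confirming that the cleanup there does not release `princ` when it was never set.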
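Review bot: In the s3_pkt.c hunk the new `if ((s->version & 0xFF00) == (version & 0xFF00))` is unbraced and separated from its single body statement by a comment, while `al=SSL_AD_PROTOCOL_VERSION; goto f_err;` right after it run unconditionally; bracing the body, `{ s->version = (unsigned short)version; }`, would make that scope unmistakable in security-sensitive record parsing. The comment also says only what is done, not why a differing major version is no longer copied; something like `/* Adopt the peer's minor version only when the major version matches, so the alert is never sent with a version this connection has no methods for */` would help, hedged as needed since the alert path at `f_err` is outside the hunk. The enclosing function (presumably ssl3_get_record, going by the SSLerr code) starts and ends outside the hunk, so the declared type of `version` and the effect of the `(unsigned short)` cast cannot be checked from here.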