| 123456789101112131415161718192021222324252627282930313233343536373839404142434445 |
- diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c
- --- openssl-0.9.8l/crypto/pqueue/pqueue.c 2005-06-28 09:53:33.000000000 -0300
- +++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c 2009-11-10 13:19:42.000000000 -0300
- @@ -234,3 +234,17 @@
-
- return ret;
- }
- +
- +int
- +pqueue_size(pqueue_s *pq)
- +{
- + pitem *item = pq->items;
- + int count = 0;
- +
- + while(item != NULL)
- + {
- + count++;
- + item = item->next;
- + }
- + return count;
- +}
- diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h
- --- openssl-0.9.8l/crypto/pqueue/pqueue.h 2005-05-30 19:34:27.000000000 -0300
- +++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h 2009-11-10 13:19:42.000000000 -0300
- @@ -91,5 +91,6 @@
- pitem *pqueue_next(piterator *iter);
-
- void pqueue_print(pqueue pq);
- +int pqueue_size(pqueue pq);
-
- #endif /* ! HEADER_PQUEUE_H */
- diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c
- --- openssl-0.9.8l/ssl/d1_pkt.c 2009-11-05 12:21:28.000000000 -0300
- +++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c 2009-11-10 13:19:42.000000000 -0300
- @@ -167,6 +167,10 @@
- DTLS1_RECORD_DATA *rdata;
- pitem *item;
-
- + /* Limit the size of the queue to prevent DOS attacks */
- + if (pqueue_size(queue->q) >= 100)
- + return 0;
- +
- rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
- item = pitem_new(priority, rdata);
- if (rdata == NULL || item == NULL)
|
