46 lines
1.4 KiB
Diff
46 lines
1.4 KiB
Diff
diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.c openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c
|
|
--- openssl-0.9.8l/crypto/pqueue/pqueue.c 2005-06-28 09:53:33.000000000 -0300
|
|
+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.c 2009-11-10 13:19:42.000000000 -0300
|
|
@@ -234,3 +234,17 @@
|
|
|
|
return ret;
|
|
}
|
|
+
|
|
+int
|
|
+pqueue_size(pqueue_s *pq)
|
|
+{
|
|
+ pitem *item = pq->items;
|
|
+ int count = 0;
|
|
+
|
|
+ while(item != NULL)
|
|
+ {
|
|
+ count++;
|
|
+ item = item->next;
|
|
+ }
|
|
+ return count;
|
|
+}
|
|
diff -Nura openssl-0.9.8l/crypto/pqueue/pqueue.h openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h
|
|
--- openssl-0.9.8l/crypto/pqueue/pqueue.h 2005-05-30 19:34:27.000000000 -0300
|
|
+++ openssl-0.9.8l-CVE-2009-1377/crypto/pqueue/pqueue.h 2009-11-10 13:19:42.000000000 -0300
|
|
@@ -91,5 +91,6 @@
|
|
pitem *pqueue_next(piterator *iter);
|
|
|
|
void pqueue_print(pqueue pq);
|
|
+int pqueue_size(pqueue pq);
|
|
|
|
#endif /* ! HEADER_PQUEUE_H */
|
|
diff -Nura openssl-0.9.8l/ssl/d1_pkt.c openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c
|
|
--- openssl-0.9.8l/ssl/d1_pkt.c 2009-11-05 12:21:28.000000000 -0300
|
|
+++ openssl-0.9.8l-CVE-2009-1377/ssl/d1_pkt.c 2009-11-10 13:19:42.000000000 -0300
|
|
@@ -167,6 +167,10 @@
|
|
DTLS1_RECORD_DATA *rdata;
|
|
pitem *item;
|
|
|
|
+ /* Limit the size of the queue to prevent DOS attacks */
|
|
+ if (pqueue_size(queue->q) >= 100)
|
|
+ return 0;
|
|
+
|
|
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
|
|
item = pitem_new(priority, rdata);
|
|
if (rdata == NULL || item == NULL)
|