kdelibs/kdelibs-4.3.1-CVE-2009-2702.patch
2009-09-04 12:22:13 +00:00

70 lines
2.5 KiB
Diff

diff -Nur kdelibs-4.3.1.orig/kio/kssl/kopenssl.cpp kdelibs-4.3.1/kio/kssl/kopenssl.cpp
--- kdelibs-4.3.1.orig/kio/kssl/kopenssl.cpp 2008-10-23 01:05:00.000000000 +0200
+++ kdelibs-4.3.1/kio/kssl/kopenssl.cpp 2009-09-04 14:09:22.000000000 +0200
@@ -196,6 +196,7 @@
static X509_NAME *(*K_X509_NAME_new)() = 0L;
static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
+static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
#endif
@@ -530,6 +531,7 @@
K_X509_NAME_new = (X509_NAME *(*)()) d->cryptoLib->resolveFunction("X509_NAME_new");
K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) d->cryptoLib->resolveFunction("X509_REQ_set_subject_name");
K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_data");
+ K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_length");
#endif
}
@@ -1577,6 +1579,13 @@
return 0L;
}
+
+int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
+ if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
+ return 0L;
+}
+
+
STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
return 0L;
diff -Nur kdelibs-4.3.1.orig/kio/kssl/kopenssl.h kdelibs-4.3.1/kio/kssl/kopenssl.h
--- kdelibs-4.3.1.orig/kio/kssl/kopenssl.h 2009-05-19 14:06:53.000000000 +0200
+++ kdelibs-4.3.1/kio/kssl/kopenssl.h 2009-09-04 14:09:22.000000000 +0200
@@ -589,13 +589,17 @@
*/
void ASN1_INTEGER_free(ASN1_INTEGER *x);
-
/*
* ASN1_STRING_data
*/
unsigned char *ASN1_STRING_data(ASN1_STRING *x);
/*
+ * ASN1_STRING_length
+ */
+ int ASN1_STRING_length(ASN1_STRING *x);
+
+ /*
*
*/
int OBJ_obj2nid(ASN1_OBJECT *o);
diff -Nur kdelibs-4.3.1.orig/kio/kssl/ksslcertificate.cpp kdelibs-4.3.1/kio/kssl/ksslcertificate.cpp
--- kdelibs-4.3.1.orig/kio/kssl/ksslcertificate.cpp 2009-01-16 16:07:05.000000000 +0100
+++ kdelibs-4.3.1/kio/kssl/ksslcertificate.cpp 2009-09-04 14:09:22.000000000 +0200
@@ -1305,7 +1305,9 @@
}
QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
- if (!s.isEmpty()) {
+ if (!s.isEmpty() &&
+ /* skip subjectAltNames with embedded NULs */
+ s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
rc += s;
}
}