70 lines
2.7 KiB
Diff
70 lines
2.7 KiB
Diff
diff -up kdelibs-4.10.0/kio/kssl/kopenssl.cpp.CVE-2009-2702 kdelibs-4.10.0/kio/kssl/kopenssl.cpp
|
|
--- kdelibs-4.10.0/kio/kssl/kopenssl.cpp.CVE-2009-2702 2013-01-23 15:44:24.000000000 -0600
|
|
+++ kdelibs-4.10.0/kio/kssl/kopenssl.cpp 2013-01-31 07:37:12.210503883 -0600
|
|
@@ -196,6 +196,7 @@ static int (*K_X509_NAME_add_entry_by_tx
|
|
static X509_NAME *(*K_X509_NAME_new)() = 0L;
|
|
static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
|
|
static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
|
|
+static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
|
|
static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
|
|
|
|
#endif
|
|
@@ -525,6 +526,7 @@ KOpenSSLProxy::KOpenSSLProxy()
|
|
K_X509_NAME_new = (X509_NAME *(*)()) d->cryptoLib->resolveFunction("X509_NAME_new");
|
|
K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) d->cryptoLib->resolveFunction("X509_REQ_set_subject_name");
|
|
K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_data");
|
|
+ K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_length");
|
|
#endif
|
|
}
|
|
|
|
@@ -1572,6 +1574,13 @@ unsigned char *KOpenSSLProxy::ASN1_STRIN
|
|
return 0L;
|
|
}
|
|
|
|
+
|
|
+int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
|
|
+ if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
|
|
+ return 0L;
|
|
+}
|
|
+
|
|
+
|
|
STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
|
|
if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
|
|
return 0L;
|
|
diff -up kdelibs-4.10.0/kio/kssl/kopenssl.h.CVE-2009-2702 kdelibs-4.10.0/kio/kssl/kopenssl.h
|
|
--- kdelibs-4.10.0/kio/kssl/kopenssl.h.CVE-2009-2702 2013-01-23 15:44:24.000000000 -0600
|
|
+++ kdelibs-4.10.0/kio/kssl/kopenssl.h 2013-01-31 07:37:12.210503883 -0600
|
|
@@ -607,13 +607,17 @@ public:
|
|
*/
|
|
void ASN1_INTEGER_free(ASN1_INTEGER *x);
|
|
|
|
-
|
|
/*
|
|
* ASN1_STRING_data
|
|
*/
|
|
unsigned char *ASN1_STRING_data(ASN1_STRING *x);
|
|
|
|
/*
|
|
+ * ASN1_STRING_length
|
|
+ */
|
|
+ int ASN1_STRING_length(ASN1_STRING *x);
|
|
+
|
|
+ /*
|
|
*
|
|
*/
|
|
int OBJ_obj2nid(ASN1_OBJECT *o);
|
|
diff -up kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp.CVE-2009-2702 kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp
|
|
--- kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp.CVE-2009-2702 2013-01-23 15:44:24.000000000 -0600
|
|
+++ kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp 2013-01-31 07:37:12.210503883 -0600
|
|
@@ -1301,7 +1301,9 @@ QStringList KSSLCertificate::subjAltName
|
|
}
|
|
|
|
QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
|
|
- if (!s.isEmpty()) {
|
|
+ if (!s.isEmpty() &&
|
|
+ /* skip subjectAltNames with embedded NULs */
|
|
+ s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
|
|
rc += s;
|
|
}
|
|
}
|