author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2009-08-23 13:58:25 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2009-08-23 13:58:25 +0000 |
commit | b7421a6928c470446c8bd74218149745b1c1db16 (patch) | |
tree | 603d4d8f49dabe92b27a4a916cf2ed99f495b99d /ssl/d1_pkt.c | |
parent | 27de41c0e2f408da6b42112c27b4dad0a07432e0 (diff) | |
Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Fix memory consumption bug with "future epoch" DTLS records.
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
Security: CVE-2009-1377
Obtained from: OpenSSL CVS
http://cvs.openssl.org/chngview?cn=18187
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=196461
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r-- | ssl/d1_pkt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index eb56cf987ba3..4ae9be54ae60 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority) DTLS1_RECORD_DATA *rdata; pitem *item; + /* Limit the size of the queue to prevent DOS attacks */ + if (pqueue_size(queue->q) >= 100) + return 0; + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) |
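Review bot: The limit in the new check at the top of dtls1_buffer_record() is a bare literal, `if (pqueue_size(queue->q) >= 100)`, and the early `return 0;` is undocumented. Suggest giving the cap a named constant defined beside the other DTLS limits, so the bound can be found and tuned in one place. The comment should also say that the cap counts queued records rather than bytes, so the memory bound is 100 entries times the largest record the queue can hold. Separately, the visible lines do not show what the function returns on the allocation-failure path that follows or on success, so it is not clear from this hunk whether a caller can tell "queue full, record dropped" apart from those outcomes. A one-line comment on the intended meaning of the 0 return here would settle that for the callers. Placing the check before OPENSSL_malloc() and pitem_new() is right, since nothing is allocated for a record that is going to be refused.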