Commit c2a8133d authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 

produce an error (CVE-2011-3207)

Fix TLS ephemeral DH crash bug (CVE-2011-3210)
parent e935440a

CHANGES

+5 −1
Original line number Diff line number Diff line
@@ -4,8 +4,12 @@ 


 Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]



  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted

     by initialising X509_STORE_CTX properly. (CVE-2011-3207)

     [Kaspar Brand <ossl@velox.ch>]



  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular

     for multi-threaded use of ECDH.

     for multi-threaded use of ECDH. (CVE-2011-3210)

     [Adam Langley (Google)]



  *) Fix x509_name_ex_d2i memory leak on bad inputs.

crypto/x509/x509_vfy.c

+4 −0
Original line number Diff line number Diff line
@@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx) 
	x = sk_X509_value(ctx->chain, cnum);

	ctx->current_cert = x;

	ctx->current_issuer = NULL;

	ctx->current_crl_score = 0;

	ctx->current_reasons = 0;

	while (ctx->current_reasons != CRLDP_ALL_REASONS)

		{
@@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 
	ctx->error_depth=0;

	ctx->current_cert=NULL;

	ctx->current_issuer=NULL;

	ctx->current_crl=NULL;

	ctx->current_crl_score=0;

	ctx->current_reasons=0;

	ctx->tree = NULL;

	ctx->parent = NULL;