summary refs log tree commit diff
path: root/gnu/packages/patches/openssl-CVE-2010-5298.patch
blob: 707a24dff0f6752a91805b8684be9917a0f850ea (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 13 Apr 2014 15:05:30 +0200
Subject: [PATCH] Don't release the buffer when there still is data in it

RT: 2167, 3265
---
 ssl/s3_pkt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b9e45c7..32e9207 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 				{
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->off=0;
-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+				if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+					s->s3->rbuf.left == 0)
 					ssl3_release_read_buffer(s);
 				}
 			}
-- 
1.9.1