authortedu <tedu@openbsd.org>2015-03-19 14:00:22 +0000
committertedu <tedu@openbsd.org>2015-03-19 14:00:22 +0000
commit3e1f01a58e06bce857a0bd2d96d69cbd7774112d (patch)
treef93eb0d92d685d5a325849772f5b6fba26ac0f75 /lib/libssl/d1_lib.c
parentstandard sections, and a little more macro stuff; (diff)
Fix several crash causing defects from OpenSSL.
These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt joint work with beck, doug, guenther, jsing, miod
Diffstat (limited to 'lib/libssl/d1_lib.c')
-rw-r--r--lib/libssl/d1_lib.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index 9d9a90d76a0..dd789ccc702 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.28 2015/03/19 14:00:22 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -443,6 +443,9 @@ dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;
+ /* Ensure there is no state left over from a previous invocation */
+ SSL_clear(s);
+
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;
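Review bot: The return value of the added `SSL_clear(s)` call is discarded, so if the reset fails the function still goes on to set `SSL_OP_COOKIE_EXCHANGE` and `s->d1->listen = 1` on an object that may hold the leftover state the new comment says must be gone. SSL_clear() returns 0 on failure, so the call would be safer as `if (!SSL_clear(s)) return -1;`. That assumes a negative return is how dtls1_listen reports errors; its body continues outside the hunk, so the convention should be confirmed against the rest of the function. The comment could also state why the reset is needed, for example `/* dtls1_listen may be called repeatedly on the same SSL; reset it so a previous handshake's state cannot be reused */`.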