From d95a6bd47a8029a5e031001c667ef16b997f0f24 Mon Sep 17 00:00:00 2001
From: "Tom G. Christensen"
Date: Wed, 24 Mar 2004 11:31:47 +0000
Subject: [PATCH] Add patches for CAN-2004-0079 & CAN-2004-0112
---
 openssl/build.sh | 4 ++-
 .../src/openssl-0.9.7c-can-2004-0079.patch | 19 +++++++++++
 .../src/openssl-0.9.7c-can-2004-0112.patch | 32 +++++++++++++++++++
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 openssl/src/openssl-0.9.7c-can-2004-0079.patch
 create mode 100644 openssl/src/openssl-0.9.7c-can-2004-0112.patch
diff --git a/openssl/build.sh b/openssl/build.sh
index 962c37b..eec8d98 100755
--- a/openssl/build.sh
+++ b/openssl/build.sh
@@ -9,12 +9,14 @@
 # Check the following 4 variables before running the script
 topdir=openssl
 version=0.9.7c
-pkgver=4
+pkgver=5
 source[0]=$topdir-$version.tar.gz
 # If there are no patches, simply comment this
 patch[0]=openssl-0.9.7c-shlib.patch
 patch[1]=openssl-0.9.7c-Configure.patch
 patch[2]=openssl-0.9.7c-doc.patch
+patch[3]=openssl-0.9.7c-can-2004-0079.patch
+patch[4]=openssl-0.9.7c-can-2004-0112.patch
 
 # Source function library
 . ${BUILDPKG_BASE}/scripts/buildpkg.functions
diff --git a/openssl/src/openssl-0.9.7c-can-2004-0079.patch b/openssl/src/openssl-0.9.7c-can-2004-0079.patch
new file mode 100644
index 0000000..90f0056
--- /dev/null
+++ b/openssl/src/openssl-0.9.7c-can-2004-0079.patch
@@ -0,0 +1,19 @@
+diff -ur -x CVS openssl7/ssl/s3_pkt.c ossl7/ssl/s3_pkt.c
+--- openssl7/ssl/s3_pkt.c 2003-02-19 12:04:16.000000000 +0000
++++ ossl7/ssl/s3_pkt.c 2004-02-02 01:10:12.000000000 +0000
+@@ -1085,6 +1085,14 @@
+ goto err;
+ }
+
++ /* Check we have a cipher to change to */
++ if (s->s3->tmp.new_cipher == NULL)
++ {
++ i=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
++ goto err;
++ }
++
+ rr->length=0;
+
+ if (s->msg_callback)
+
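Review bot: In the s3_pkt.c fix carried by openssl-0.9.7c-can-2004-0079.patch, the new NULL check records its error under `SSL_F_SSL3_GET_CERT_VERIFY`, a function code whose name points at certificate-verify handling rather than at the change-cipher-spec path guarded here. Anyone triaging error-queue output or alerting on this condition should key on the reason `SSL_R_CCS_RECEIVED_EARLY`, not on the function name. If the patch is meant to stay identical to its origin, a header line in the .patch file would be enough, e.g. `# note: early-CCS error is filed under SSL3_GET_CERT_VERIFY but raised from ssl/s3_pkt.c`. The enclosing function starts and ends outside the hunk, so which function actually raises the error cannot be confirmed from here.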
diff --git a/openssl/src/openssl-0.9.7c-can-2004-0112.patch b/openssl/src/openssl-0.9.7c-can-2004-0112.patch
new file mode 100644
index 0000000..29b419a
--- /dev/null
+++ b/openssl/src/openssl-0.9.7c-can-2004-0112.patch
@@ -0,0 +1,32 @@
+diff -ur -x CVS openssl7/ssl/s3_srvr.c ossl7/ssl/s3_srvr.c
+--- openssl7/ssl/s3_srvr.c 2004-01-14 23:02:49.000000000 +0000
++++ ossl7/ssl/s3_srvr.c 2004-02-19 13:22:16.000000000 +0000
+@@ -1588,11 +1591,27 @@
+
+ n2s(p,i);
+ enc_ticket.length = i;
++
++ if (n < enc_ticket.length + 6)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++ SSL_R_DATA_LENGTH_TOO_LONG);
++ goto err;
++ }
++
+ enc_ticket.data = (char *)p;
+ p+=enc_ticket.length;
+
+ n2s(p,i);
+ authenticator.length = i;
++
++ if (n < enc_ticket.length + authenticator.length + 6)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++ SSL_R_DATA_LENGTH_TOO_LONG);
++ goto err;
++ }
++
+ authenticator.data = (char *)p;
+ p+=authenticator.length;
+
+
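Review bot: The nested hunk header `@@ -1588,11 +1591,27 @@` starts three lines later on the new side than on the old, which suggests the diff this file was cut from had an earlier s3_srvr.c hunk that is not included here; it is worth checking that nothing belonging to the fix was dropped. Related to that, the constant `6` in both added checks looks like three 2-byte length prefixes, yet only the ticket and authenticator lengths are bounded against `n` in the visible lines, and the third field is parsed after the hunk ends. Please confirm on the patched tree that the last length is also checked before its data pointer is used, and consider a comment such as `/* 6 = three 2-byte length fields */` next to the first check. `n` is declared outside the hunk; if it is signed while the `.length` members are unsigned, the comparison relies on `n` never being negative at this point.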