| blob | 05b8481f1275f38929f92be4ff6cfe4112dfeba9 |
1 From 943f4f6160684320fb9956087c603689ed9ff731 Mon Sep 17 00:00:00 2001
2 From: Andy Fiddaman <illumos@fiddaman.net>
3 Date: Tue, 4 Jun 2024 18:02:06 +0000
4 Subject: [PATCH 1/2] CVE-2024-4741
6 diff -wpruN --no-dereference '--exclude=*.orig' a~/ssl/record/rec_layer_s3.c a/ssl/record/rec_layer_s3.c
7 --- a~/ssl/record/rec_layer_s3.c 1970-01-01 00:00:00
8 +++ a/ssl/record/rec_layer_s3.c 1970-01-01 00:00:00
9 @@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECO
10 return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
11 }
13 +int RECORD_LAYER_data_present(const RECORD_LAYER *rl)
14 +{
15 + if (rl->rstate == SSL_ST_READ_BODY)
16 + return 1;
17 + if (RECORD_LAYER_processed_read_pending(rl))
18 + return 1;
19 + return 0;
20 +}
21 +
22 /* Checks if we have decrypted unread record data pending */
23 int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
24 {
25 diff -wpruN --no-dereference '--exclude=*.orig' a~/ssl/record/record.h a/ssl/record/record.h
26 --- a~/ssl/record/record.h 1970-01-01 00:00:00
27 +++ a/ssl/record/record.h 1970-01-01 00:00:00
28 @@ -197,6 +197,7 @@ void RECORD_LAYER_release(RECORD_LAYER *
29 int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
30 int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
31 int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
32 +int RECORD_LAYER_data_present(const RECORD_LAYER *rl);
33 void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
34 void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
35 int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
36 diff -wpruN --no-dereference '--exclude=*.orig' a~/ssl/ssl_lib.c a/ssl/ssl_lib.c
37 --- a~/ssl/ssl_lib.c 1970-01-01 00:00:00
38 +++ a/ssl/ssl_lib.c 1970-01-01 00:00:00
39 @@ -5248,6 +5248,9 @@ int SSL_free_buffers(SSL *ssl)
40 if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
41 return 0;
43 + if (RECORD_LAYER_data_present(rl))
44 + return 0;
45 +
46 RECORD_LAYER_release(rl);
47 return 1;
48 }