head	1.2;
access;
symbols;
locks; strict;
comment	@# @;


1.2
date	2009.05.20.19.22.47;	author dinoex;	state dead;
branches;
next	1.1;

1.1
date	2009.05.20.12.56.26;	author dinoex;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- add more DTLS bugfixes
- use options framework
- new option WITH_FIPS
add fips code
- new option WITH_SCTP
add SCTP support to openssl
@
text
@Obtained-from: http://rt.openssl.org/Ticket/Attachment/22260/10159/dtls-record-buffer-bug-1.0.0.patch

--- crypto/pqueue/pqueue.c	2005-12-20 08:03:10.000000000 +0100
+++ crypto/pqueue/pqueue.c	2009-05-15 16:07:33.000000000 +0200
@@@@ -237,3 +237,17 @@@@
 
 	return ret;
 	}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+	pitem *item = pq->items;
+	int count = 0;
+	
+	while(item != NULL)
+	{
+		count++;
+		item = item->next;
+	}
+	return count;
+}

--- crypto/pqueue/pqueue.h	2005-06-08 00:21:14.000000000 +0200
+++ crypto/pqueue/pqueue.h	2009-05-15 16:07:03.000000000 +0200
@@@@ -89,5 +89,6 @@@@
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int	   pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */

--- ssl/d1_pkt.c	2009-04-23 18:32:40.000000000 +0200
+++ ssl/d1_pkt.c	2009-05-15 16:06:23.000000000 +0200
@@@@ -207,6 +207,10 @@@@
 	DTLS1_RECORD_DATA *rdata;
 	pitem *item;
 
+	/* Limit the size of the queue to prevent DOS attacks */
+	if (pqueue_size(queue->q) >= 100)
+		return 0;
+		
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)
@


1.1
log
@- Security Fix
Security:	CVE-2009-1377
Security:	CVE-2009-1378
Security:	http://article.gmane.org/gmane.comp.security.oss.general/1769
PR:		134653
@
text
@@

