summaryrefslogtreecommitdiffstats
path: root/opensuse/tdelibs/kdelibs-3.5.10-CVE-2009-2702.patch
blob: e6f06a779496b3aa987d4d82ab7b851cf659890a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
diff -pruN kdelibs-3.5.4.orig/kio/kssl/kopenssl.cc kdelibs-3.5.4/kio/kssl/kopenssl.cc
--- kdelibs-3.5.4.orig/kio/kssl/kopenssl.cc	2009-08-31 20:50:12.000000000 +0200
+++ kdelibs-3.5.4/kio/kssl/kopenssl.cc	2009-08-31 21:46:47.000000000 +0200
@@ -196,6 +196,7 @@ static int (*K_X509_NAME_add_entry_by_tx
 static X509_NAME *(*K_X509_NAME_new)() = 0L;
 static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
 static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
+static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
 static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
 
 #endif
@@ -498,6 +499,7 @@ KConfig *cfg;
       K_X509_NAME_new = (X509_NAME *(*)()) _cryptoLib->symbol("X509_NAME_new");
       K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) _cryptoLib->symbol("X509_REQ_set_subject_name");
       K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_data");
+      K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_length");
 #endif
    }
 
@@ -1549,6 +1551,13 @@ unsigned char *KOpenSSLProxy::ASN1_STRIN
    return 0L;
 }
 
+
+int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
+   if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
+   return 0L;
+}
+
+
 STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
   if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
   return 0L;
diff -pruN kdelibs-3.5.4.orig/kio/kssl/kopenssl.h kdelibs-3.5.4/kio/kssl/kopenssl.h
--- kdelibs-3.5.4.orig/kio/kssl/kopenssl.h	2006-07-22 10:16:39.000000000 +0200
+++ kdelibs-3.5.4/kio/kssl/kopenssl.h	2009-08-31 21:46:47.000000000 +0200
@@ -622,6 +622,11 @@ public:
    unsigned char *ASN1_STRING_data(ASN1_STRING *x);
 
    /*
+    *  ASN1_STRING_length
+    */
+   int ASN1_STRING_length(ASN1_STRING *x);
+
+   /*
     *  
     */
    int OBJ_obj2nid(ASN1_OBJECT *o);
diff -pruN kdelibs-3.5.4.orig/kio/kssl/ksslcertificate.cc kdelibs-3.5.4/kio/kssl/ksslcertificate.cc
--- kdelibs-3.5.4.orig/kio/kssl/ksslcertificate.cc	2006-01-19 18:06:12.000000000 +0100
+++ kdelibs-3.5.4/kio/kssl/ksslcertificate.cc	2009-08-31 21:54:38.000000000 +0200
@@ -1099,7 +1099,9 @@ QStringList KSSLCertificate::subjAltName
 		}
 
 		QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
-		if (!s.isEmpty()) {
+		if (!s.isEmpty()  &&
+				/* skip subjectAltNames with embedded NULs */
+				s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
 			rc += s;
 		}
 	}