diff options
| author | tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2010-09-29 05:15:51 +0000 |
|---|---|---|
| committer | tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2010-09-29 05:15:51 +0000 |
| commit | 33e60e8e78543462d31e8c6a7c3577ffe18b6647 (patch) | |
| tree | f655bb5f0a2e19a2396aeea199df3d9caf60c119 /kio/kssl | |
| parent | c9b50480aa0c5ccbf1a4a4005fd735be3a3e0841 (diff) | |
| download | tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.tar.gz tdelibs-33e60e8e78543462d31e8c6a7c3577ffe18b6647.zip | |
Critical security patches for the following vulnerabilities:
CVE-2009-0689
CVE-2009-1687
CVE-2009-1690
CVE-2009-1698
CVE-2009-2702
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Diffstat (limited to 'kio/kssl')
| -rw-r--r-- | kio/kssl/kopenssl.cc | 7 | ||||
| -rw-r--r-- | kio/kssl/kopenssl.h | 5 | ||||
| -rw-r--r-- | kio/kssl/ksslcertificate.cc | 4 |
3 files changed, 15 insertions, 1 deletions
diff --git a/kio/kssl/kopenssl.cc b/kio/kssl/kopenssl.cc index ababf37a0..70d36cd8e 100644 --- a/kio/kssl/kopenssl.cc +++ b/kio/kssl/kopenssl.cc @@ -201,6 +201,7 @@ static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char static X509_NAME *(*K_X509_NAME_new)() = 0L; static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L; static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L; +static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L; static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L; #endif @@ -504,6 +505,7 @@ KConfig *cfg; K_X509_NAME_new = (X509_NAME *(*)()) _cryptoLib->symbol("X509_NAME_new"); K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) _cryptoLib->symbol("X509_REQ_set_subject_name"); K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_data"); + K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_length"); #endif } @@ -1561,6 +1563,11 @@ unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) { return 0L; } +int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) { + if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x); + return 0L; +} + STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) { if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl); return 0L; diff --git a/kio/kssl/kopenssl.h b/kio/kssl/kopenssl.h index e4f6de0e8..24130807a 100644 --- a/kio/kssl/kopenssl.h +++ b/kio/kssl/kopenssl.h @@ -633,6 +633,11 @@ public: */ unsigned char *ASN1_STRING_data(ASN1_STRING *x); + /* + * ASN1_STRING_length + */ + int ASN1_STRING_length(ASN1_STRING *x); + /* * */ diff --git a/kio/kssl/ksslcertificate.cc b/kio/kssl/ksslcertificate.cc index 73a8451ca..285bb1d2d 100644 --- a/kio/kssl/ksslcertificate.cc +++ b/kio/kssl/ksslcertificate.cc @@ -1113,7 +1113,9 @@ TQStringList KSSLCertificate::subjAltNames() const { } TQString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5); - if (!s.isEmpty()) { + if (!s.isEmpty() && + /* skip subjectAltNames with embedded NULs */ + s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) { rc += s; } } |