[libio-socket-ssl-perl] 01/02: Fix segfault using malformed client certificates

Salvatore Bonaccorso carnil at debian.org
Fri Dec 1 22:50:31 UTC 2017 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch jessie
in repository libio-socket-ssl-perl.

commit 59086e2c9d4390108ed81e4142499ead42fd17ad
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Fri Dec 1 20:39:38 2017 +0100

    Fix segfault using malformed client certificates
    
    Closes: #881711
---
 ...rror-if-cert-key-could-not-be-used-instea.patch | 25 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 26 insertions(+)

diff --git a/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch b/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
new file mode 100644
index 0000000..333858c
--- /dev/null
+++ b/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
@@ -0,0 +1,25 @@
+From: Steffen Ullrich <Steffen_Ullrich at genua.de>
+Date: Sun, 26 Oct 2014 18:23:15 +0100
+Subject: Propagate error if cert/key could not be used instead of continuing
+ with an invalid context which might cause a segmentation fault
+Origin: https://github.com/noxxi/p5-io-socket-ssl/commit/a09f29f423859565bc0384dcfbbc75811d9e4e4a
+Bug-Debian: https://bugs.debian.org/881711
+
+---
+
+diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
+index 13c6680..2330b45 100644
+--- a/lib/IO/Socket/SSL.pm
++++ b/lib/IO/Socket/SSL.pm
+@@ -489,7 +489,7 @@ sub configure_SSL {
+ 
+     # create context
+     # this will fill in defaults in $arg_hash
+-    $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash);
++    $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash) || return;
+ 
+     ${*$self}{'_SSL_arguments'} = $arg_hash;
+     ${*$self}{'_SSL_ctx'} = $ctx;
+-- 
+2.15.1
+
diff --git a/debian/patches/series b/debian/patches/series
index acd99df..961bb29 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 0001-use-only-ICANN-part-in-public-suffix-list.patch
 0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch
 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch
+0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libio-socket-ssl-perl.git

More information about the Pkg-perl-cvs-commits mailing list