[libio-socket-ssl-perl] 01/02: Fix segfault using malformed client certificates
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 1 22:50:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch jessie
in repository libio-socket-ssl-perl.
commit 59086e2c9d4390108ed81e4142499ead42fd17ad
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Fri Dec 1 20:39:38 2017 +0100
Fix segfault using malformed client certificates
Closes: #881711
---
...rror-if-cert-key-could-not-be-used-instea.patch | 25 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 26 insertions(+)
diff --git a/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch b/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
new file mode 100644
index 0000000..333858c
--- /dev/null
+++ b/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
@@ -0,0 +1,25 @@
+From: Steffen Ullrich <Steffen_Ullrich at genua.de>
+Date: Sun, 26 Oct 2014 18:23:15 +0100
+Subject: Propagate error if cert/key could not be used instead of continuing
+ with an invalid context which might cause a segmentation fault
+Origin: https://github.com/noxxi/p5-io-socket-ssl/commit/a09f29f423859565bc0384dcfbbc75811d9e4e4a
+Bug-Debian: https://bugs.debian.org/881711
+
+---
+
+diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
+index 13c6680..2330b45 100644
+--- a/lib/IO/Socket/SSL.pm
++++ b/lib/IO/Socket/SSL.pm
+@@ -489,7 +489,7 @@ sub configure_SSL {
+
+ # create context
+ # this will fill in defaults in $arg_hash
+- $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash);
++ $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash) || return;
+
+ ${*$self}{'_SSL_arguments'} = $arg_hash;
+ ${*$self}{'_SSL_ctx'} = $ctx;
+--
+2.15.1
+
diff --git a/debian/patches/series b/debian/patches/series
index acd99df..961bb29 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
0001-use-only-ICANN-part-in-public-suffix-list.patch
0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch
0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch
+0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libio-socket-ssl-perl.git
More information about the Pkg-perl-cvs-commits
mailing list