20 lines
682 B
Plaintext
20 lines
682 B
Plaintext
$OpenBSD: patch-socket_c,v 1.5 2012/06/22 14:38:28 jasper Exp $
|
|
|
|
Fix potential for information disclosure under active attack. CVE-2011-3389
|
|
|
|
--- socket.c.orig Sun Aug 21 09:34:58 2011
|
|
+++ socket.c Wed Jun 20 16:14:40 2012
|
|
@@ -896,6 +896,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
|
|
|
|
SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
|
|
|
|
+ {
|
|
+ char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
|
|
+ if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
|
|
+ SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
|
|
+ }
|
|
+
|
|
if (certck) {
|
|
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
|
|
} else {
|