From 957ebe98fb0c66bf1fb241efd96a1160cd8cf5ce Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Tue, 8 Feb 2011 17:10:47 +0000
Subject: [PATCH] OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
---
 CHANGES           | 5 ++++-
 FAQ               | 2 +-
 LICENSE           | 2 +-
 NEWS              | 4 ++++
 README            | 4 ++--
 STATUS            | 6 +++++-
 crypto/opensslv.h | 6 +++---
 ssl/t1_lib.c      | 8 +++++++-
 util/mkerr.pl     | 2 +-
 9 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index b79a6f404d..a0442b5306 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,10 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8q and 0.9.8r [xx XXX xxxx]
+ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+
+  *) Fix parsing of OCSP stapling ClientHello extension.  CVE-2011-0014
+     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
 
   *) Fix bug in string printing code: if *any* escaping is enabled we must
      escape the escape character (backslash) or the resulting string is
diff --git a/FAQ b/FAQ
index 50e9314082..0e008cbdd5 100644
--- a/FAQ
+++ b/FAQ
@@ -82,7 +82,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0c was released on Dec 2nd, 2010.
+OpenSSL 1.0.0d was released on Feb 8th, 2011.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
diff --git a/LICENSE b/LICENSE
index a2c4adcbe6..e47d101f10 100644
--- a/LICENSE
+++ b/LICENSE
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/NEWS b/NEWS
index e72d7d8a1b..2f9afe85bb 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+
+      o Fix for security issue CVE-2011-0014
+
   Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
 
       o Fix for security issue CVE-2010-4180
diff --git a/README b/README
index 172f88b1f5..3438b40da5 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.8r-dev
+ OpenSSL 0.9.8r
 
- Copyright (c) 1998-2009 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
diff --git a/STATUS b/STATUS
index d4a9fc22d1..e3e779523f 100644
--- a/STATUS
+++ b/STATUS
@@ -1,13 +1,17 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2010/12/02 18:53:51 $
+  ______________                           $Date: 2011/02/08 17:10:45 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 1.1.0:  Under development...
+    o  OpenSSL 1.0.1:  Under development...
+    o  OpenSSL 1.0.0d: Released on February   8nd, 2011
+    o  OpenSSL 1.0.0c: Released on December   2nd, 2010
     o  OpenSSL 1.0.0b: Released on November  16th, 2010
     o  OpenSSL 1.0.0a: Released on June      1st,  2010
     o  OpenSSL 1.0.0:  Released on March     29th, 2010
+    o  OpenSSL 0.9.8r: Released on February   8nd, 2011
     o  OpenSSL 0.9.8q: Released on December   2nd, 2010
     o  OpenSSL 0.9.8p: Released on November  16th, 2010
     o  OpenSSL 0.9.8o: Released on June       1st, 2010
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index c41652765c..385e1f6865 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00908120L
+#define OPENSSL_VERSION_NUMBER	0x0090812fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8r-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8r-fips 8 Feb 2011"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8r-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8r 8 Feb 2011"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0cc8320e17..92cac13002 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -521,6 +521,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 						}
 					n2s(data, idsize);
 					dsize -= 2 + idsize;
+					size -= 2 + idsize;
 					if (dsize < 0)
 						{
 						*al = SSL_AD_DECODE_ERROR;
@@ -559,9 +560,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 					}
 
 				/* Read in request_extensions */
+				if (size < 2)
+					{
+					*al = SSL_AD_DECODE_ERROR;
+					return 0;
+					}
 				n2s(data,dsize);
 				size -= 2;
-				if (dsize > size) 
+				if (dsize != size)
 					{
 					*al = SSL_AD_DECODE_ERROR;
 					return 0;
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 5d2f2188c1..7a13130d24 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -313,7 +313,7 @@ foreach $lib (keys %csrc)
 	} else {
 	    push @out,
 "/* ====================================================================\n",
-" * Copyright (c) 2001-2010 The OpenSSL Project.  All rights reserved.\n",
+" * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.\n",
 " *\n",
 " * Redistribution and use in source and binary forms, with or without\n",
 " * modification, are permitted provided that the following conditions\n",
-- 
2.25.1