Date: Mon, 14 Apr 2014 08:40:28 +1000
From: Dewayne Geraghty
To: freebsd-security@freebsd.org, dinoex@freebsd.org
Subject: Re: OpenSSL followup SSL_MODE_RELEASE_BUFFERS

On 13/04/2014 6:09 PM, Christian Kratzer wrote:
> Hi,
>
> apparently openbsd has more or less silently fixed an older openssl
> issue that has been stuck in the openssl bug tracker:
>
> The openbsd patch:
>
> http://www.openbsd.org/errata55.html#004_openssl
>
>
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
>
> The original issue:
>
>
> http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
>
> Here is the openssl bug:
>
> http://rt.openssl.org/Ticket/Display.html?id=2167
>
> The patch;
>
> diff -u -p -u -r1.20 -r1.20.4.1
> --- lib/libssl/src/ssl/s3_pkt.c 27 Feb 2014 21:04:57 -0000 1.20
> +++ lib/libssl/src/ssl/s3_pkt.c 12 Apr 2014 17:01:14 -0000
> 1.20.4.1
> @@ -1054,7 +1054,7 @@ start:
> {
> s->rstate=SSL_ST_READ_HEADER;
> rr->off=0;
> - if (s->mode & SSL_MODE_RELEASE_BUFFERS)
> + if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
> s->s3->rbuf.left == 0)
> ssl3_release_read_buffer(s);
> }
> }
>
> Can somebody rattle openssl upstream to get them to comment on this ?
>
> Should freebsd roll out a patch ?
>
> Greetings
> Christian
>

Thank-you Dirk for promptly deploying the patch to openssl port:
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup

Regards,
Dewayne
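
Review bot: The new condition on the `+` line in s3_pkt.c mixes `&` and `&&` without parentheses. It parses as intended, since `&` binds tighter than `&&`, but writing it as `(s->mode & SSL_MODE_RELEASE_BUFFERS) && s->s3->rbuf.left == 0` makes the grouping explicit and avoids compiler precedence warnings. The hunk also carries no comment explaining the added `s->s3->rbuf.left == 0` test; a one-line note that the read buffer must not be released while bytes are still left in it would keep a later cleanup from dropping the check before `ssl3_release_read_buffer(s)`.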