From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 26 18:17:58 2011 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 50D77106568D; Fri, 26 Aug 2011 18:17:58 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) by mx1.freebsd.org (Postfix) with ESMTP id 33A668FC12; Fri, 26 Aug 2011 18:17:58 +0000 (UTC) Received: from delta.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id C5C8EEE13; Fri, 26 Aug 2011 11:17:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1314382678; bh=238JdNi7B+oupqJSnINigCKwuS6pKEaZFKB3FpfpkO8=; h=Message-ID:Date:From:Reply-To:MIME-Version:CC:Subject:References: In-Reply-To:Content-Type; b=NUIpvQ5oxjcZDT3Trt8iZIP6KUB6Ri/nbgmq2U04n+WLG/8bhGMh17t/QMuWxJ6F+ Nk04LBD19UzfyXSgagAkdFW8AFUsTBdS0kqTtE2d6n49yBmpp6kx1TTVKiBf19n8Uu dNQOi6IHf+CH3fkcUHEwgCEHcJLtaoc1fm0pLQW0= Message-ID: <4E57E354.6070003@delphij.net> Date: Fri, 26 Aug 2011 11:17:56 -0700 From: Xin LI Organization: The FreeBSD Project MIME-Version: 1.0 References: <201108261742.p7QHg6iG099719@freefall.freebsd.org> In-Reply-To: <201108261742.p7QHg6iG099719@freefall.freebsd.org> OpenPGP: id=3FCA37C1; url=http://www.delphij.net/delphij.asc Content-Type: multipart/mixed; boundary="------------080300040206010504010108" Cc: freebsd-bugs@FreeBSD.org, roam@FreeBSD.org Subject: Re: ports/160218: security/stunnel is vulnerable to CVE-2011-2940 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Aug 2011 18:17:58 -0000 This is a multi-part message in MIME format. --------------080300040206010504010108 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Here is a patch (tested with basic tinderboxing). This seems to be a DoS but no remote privilege escalation. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBCAAGBQJOV+NUAAoJEATO+BI/yjfBJZAH/jGDuaBRoSIo2P4Ja7/E2Hj2 Ja54pMF9gwedGovIWF5PkdE4wL37AJkh632w7NUJtT08ensyousJqY2PSf9ZoEJe Dc7M2qqJt337gWN0bMdPOtdtmBzES6kPWIuBkatd7UY8xq4tZUpqWOF0iCPREC4a 7ADhf8PYyloBaYtVy3Ulfh12XBmxAU9PpoeMrxgtkuxR6ge4HbsL08NeBcCiLn+s IEaRnHlul+PTBcqc3JrC3yqtm8beI9lO6Us74fkf+/zUOw7NRJzdNcP9gHuP6fIF 5MCtoN87d+R4TygYjAgbDH8smC349vBDHTkVdTZXbqTabOiiRndjf104Cqld3x8= =ueFt -----END PGP SIGNATURE----- --------------080300040206010504010108 Content-Type: text/plain; name="stunnel.diff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="stunnel.diff" SW5kZXg6IE1ha2VmaWxlCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC9ob21lL25jdnMvcG9y dHMvc2VjdXJpdHkvc3R1bm5lbC9NYWtlZmlsZSx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS4x MDMKZGlmZiAtdSAtcCAtcjEuMTAzIE1ha2VmaWxlCi0tLSBNYWtlZmlsZQkxIEF1ZyAyMDEx IDE0OjQ3OjQzIC0wMDAwCTEuMTAzCisrKyBNYWtlZmlsZQkyNiBBdWcgMjAxMSAxODoxMzoz NyAtMDAwMApAQCAtNiw3ICs2LDcgQEAKICMKIAogUE9SVE5BTUU9CXN0dW5uZWwKLVBPUlRW RVJTSU9OPQk0LjQxCitQT1JUVkVSU0lPTj0JNC40MgogQ0FURUdPUklFUz0Jc2VjdXJpdHkK IE1BU1RFUl9TSVRFUz0JZnRwOi8vZnRwLnN0dW5uZWwub3JnL3N0dW5uZWwvJVNVQkRJUiUv IFwKIAkJaHR0cDovL21pcnJvcnMuemVyZy5iaXovc3R1bm5lbC8lU1VCRElSJS8gXApJbmRl eDogZGlzdGluZm8KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2hvbWUvbmN2cy9wb3J0cy9z ZWN1cml0eS9zdHVubmVsL2Rpc3RpbmZvLHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjU4CmRp ZmYgLXUgLXAgLXIxLjU4IGRpc3RpbmZvCi0tLSBkaXN0aW5mbwkxIEF1ZyAyMDExIDE0OjQ3 OjQzIC0wMDAwCTEuNTgKKysrIGRpc3RpbmZvCTI2IEF1ZyAyMDExIDE4OjEzOjQ4IC0wMDAw CkBAIC0xLDIgKzEsMiBAQAotU0hBMjU2IChzdHVubmVsLTQuNDEudGFyLmd6KSA9IDA4ZTBl N2RmNDJiZmI4Yjg1NTFlYjZjNGI1YjUwZWFlNjA1MWFhZjc1MDc3MTAxZDcyOWU2N2M3YTNh MDBjNzIKLVNJWkUgKHN0dW5uZWwtNC40MS50YXIuZ3opID0gNTU3NDY3CitTSEEyNTYgKHN0 dW5uZWwtNC40Mi50YXIuZ3opID0gZDMzYzQwN2JmYzRmNTgwNzBlODE4MDgxYmQwODJjMzhm OTFjYWI3NjkxY2NiYjc5NGRhNjMxNDNjNTM1ZGUzYgorU0laRSAoc3R1bm5lbC00LjQyLnRh ci5neikgPSA1NTgzOTEK --------------080300040206010504010108--