FreeBSD Mail Archives

Date:      Thu, 18 Jan 2024 15:23:57 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 0990136ed175 - main - kerberos5: Mitigate the possibility of using an old libcrypto
Message-ID:  <202401181523.40IFNvXI077592@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=0990136ed1753ac7837206f9c5f4b83ccff6c405

commit 0990136ed1753ac7837206f9c5f4b83ccff6c405
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2024-01-18 08:22:20 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2024-01-18 15:12:14 +0000

    kerberos5: Mitigate the possibility of using an old libcrypto
    
    By using the full library name (libcrypto.so.30) we avoid the exposure
    of using an old, possibly vulnerable, library.
    
    Reported by:            jrtc27
    MFC after:              3 days
    X-MFC with:             476d63e091c2
    Fixes:                  476d63e091c2
---
 kerberos5/lib/libroken/fbsd_ossl_provider_load.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
index 497b32124f96..2328041bc166 100644
--- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
@@ -5,6 +5,7 @@
 #include <openssl/provider.h>
 
 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
 static void fbsd_ossl_provider_unload(void);
 static void print_dlerror(char *);
 static OSSL_PROVIDER *legacy;
@@ -46,7 +47,7 @@ fbsd_ossl_provider_load(void)
 {
 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
 	if (crypto_lib_handle == NULL) {
-		if (!(crypto_lib_handle = dlopen("/usr/lib/libcrypto.so",
+		if (!(crypto_lib_handle = dlopen(CRYPTO_LIBRARY,
 		    RTLD_LAZY|RTLD_GLOBAL))) {
 			print_dlerror("Unable to load libcrypto.so");
 			return (EINVAL);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202401181523.40IFNvXI077592>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation