Date: Tue, 28 May 2024 17:04:41 GMT From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 574b059ed440 - 2024Q2 - security/openssl32: Security update for CVE-2024-4741 Message-ID: <202405281704.44SH4fpJ010480@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch 2024Q2 has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=574b059ed44007cef0aa51a7853d33849a9127fd commit 574b059ed44007cef0aa51a7853d33849a9127fd Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2024-05-28 16:42:16 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2024-05-28 17:00:15 +0000 security/openssl32: Security update for CVE-2024-4741 Security: 73a697d7-1d0f-11ef-a490-84a93843eb75 MFH: 2024Q2 (cherry picked from commit 004078f59293ef7efb616daeb0c065a0c1f9bea4) --- security/openssl32/Makefile | 2 +- security/openssl32/files/patch-CVE-2024-4741 | 36 ++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/security/openssl32/Makefile b/security/openssl32/Makefile index fd1d67a00317..c9081410da74 100644 --- a/security/openssl32/Makefile +++ b/security/openssl32/Makefile @@ -1,6 +1,6 @@ PORTNAME= openssl DISTVERSION= 3.2.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security devel MASTER_SITES= https://www.openssl.org/source/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ diff --git a/security/openssl32/files/patch-CVE-2024-4741 b/security/openssl32/files/patch-CVE-2024-4741 new file mode 100644 index 000000000000..78aea45553ce --- /dev/null +++ b/security/openssl32/files/patch-CVE-2024-4741 @@ -0,0 +1,36 @@ +From c88c3de51020c37e8706bf7a682a162593053aac Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Tue, 23 Apr 2024 16:34:46 +0100 +Subject: [PATCH] Only free the read buffers if we're not using them + +If we're part way through processing a record, or the application has +not released all the records then we should not free our buffer because +they are still needed. + +CVE-2024-4741 + +Reviewed-by: Tomas Mraz <tomas@openssl.org> +Reviewed-by: Neil Horman <nhorman@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24395) + +(cherry picked from commit 38690cab18de88198f46478565fab423cf534efa) +--- + ssl/record/methods/tls_common.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c +index 08e519ac7a385..f46da0fd5b33f 100644 +--- ssl/record/methods/tls_common.c.orig ++++ ssl/record/methods/tls_common.c +@@ -2129,7 +2129,10 @@ int tls_free_buffers(OSSL_RECORD_LAYER *rl) + /* Read direction */ + + /* If we have pending data to be read then fail */ +- if (rl->curr_rec < rl->num_recs || TLS_BUFFER_get_left(&rl->rbuf) != 0) ++ if (rl->curr_rec < rl->num_recs ++ || rl->curr_rec != rl->num_released ++ || TLS_BUFFER_get_left(&rl->rbuf) != 0 ++ || rl->rstate == SSL_ST_READ_BODY) + return 0; + + return tls_release_read_buffer(rl);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405281704.44SH4fpJ010480>