Date: Tue, 30 Sep 2025 15:37:35 GMT From: Gordon Tetlow <gordon@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: ae7c74cfa531 - releng/13.5 - Fix issue from OpenSSL. Message-ID: <202509301537.58UFbZTL068040@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch releng/13.5 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=ae7c74cfa5315e590cf7ef6fe8fe5e72330597e9 commit ae7c74cfa5315e590cf7ef6fe8fe5e72330597e9 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2025-09-30 15:28:59 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2025-09-30 15:32:35 +0000 Fix issue from OpenSSL. Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) Obtained from: OpenSSL Approved by: so Security: FreeBSD-SA-25:08.openssl Security: CVE-2025-9230 (cherry picked from commit c0dbaf2b5dbd16c113a6346ee748fd474fe192e5) --- crypto/openssl/crypto/cms/cms_pwri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c index d7414883396c..9f98840244ea 100644 --- a/crypto/openssl/crypto/cms/cms_pwri.c +++ b/crypto/openssl/crypto/cms/cms_pwri.c @@ -215,7 +215,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, /* Check byte failure */ goto err; } - if (inlen < (size_t)(tmp[0] - 4)) { + if (inlen < 4 + (size_t)tmp[0]) { /* Invalid length value */ goto err; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509301537.58UFbZTL068040>