From owner-freebsd-security@freebsd.org  Fri Mar 26 14:17:19 2021
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id AEB105787AA
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Fri, 26 Mar 2021 14:17:19 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com
 [IPv6:2607:f8b0:4864:20::72d])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4F6PDv0F5bz4kSB
 for <freebsd-security@freebsd.org>; Fri, 26 Mar 2021 14:17:18 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: by mail-qk1-x72d.google.com with SMTP id z10so5288880qkz.13
 for <freebsd-security@freebsd.org>; Fri, 26 Mar 2021 07:17:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hardenedbsd.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to;
 bh=Zq7RoK8KE30ys5enqJau9lk677qQEPwrwot9x4CO/eI=;
 b=hFfoWiF6sYhUzl2lhHBKkehsWz414D0Vbgny5NcE2jcn+jqS9wAOxavJjtuGiZ6EjF
 lSuzDQer4EJ1+e6UYTIM88HexTPS3BT8KkQwXub5K6eBPAe3dEoAm+GEiQjLqa2oV5zP
 ITLiGjBRZlGQsZ3KhREgLMvWCcMqXRYGDBJetwmqZeqOYVWsfTDXjlRlRP4hu1mT23F0
 i3Zs4tKE0xLcvTsvD8550WywbqAQAN+nPRscPsbhv4jmg659CEFYC+Pjxry8quYuIVAP
 8cvzWJMgyujLWciNHKC4Tsae3+aSNPq/ZqMjDWBgDSGWz2Ka3xeJx7S7OAEMsUYYiZ6U
 /WXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to;
 bh=Zq7RoK8KE30ys5enqJau9lk677qQEPwrwot9x4CO/eI=;
 b=fmQiMYGZXb3UVjSOq+vonQiHSgg86SXfQDV9M2bM0Fx9CQTkfpdFmGlMXUV39gYsH4
 HLGI3zZxeieY4wxcyHzeG3JeQCGWAdaBbjlMh2TfThfNDSdKA+2WBumMqaMfsbROLP85
 IBFVaAcqgaTSy5ISX5irXlXnTDOQTEV6vPbItzaa7TUBk0W60EvulKc2cKxo1tC6hXWs
 W+e92em6qICtRdqto2Va0PfOavUvnd2keqs8W8/i3Y6MTk48pDB/59j4lz5DtYgrje1h
 atvntd6T+yF8o3ymWKx58TZTyz1YoNZc1JDEwiYCxuOV110Mr91FDcOKhWHmWzfSSQGI
 NEtA==
X-Gm-Message-State: AOAM532zduWepq6eM/+IBq2pCNOwgeIXkbpYyXffjxOdio3jVY3p5cPY
 SBMedGKW85MiH6DHIdpgxbgR49kelO/OtPC9Ppgh9xcWu2QN8s80Br2qBDdRglb16K0NA3QW7Ep
 IINS+kzSlOG5kRfYjrC54bkcPDKMZ/Z6sJHBuPi/Tlc5Zbrh5fQL17QHDXzM1olNbJqe6oXttz4
 ET5F8kgOJP1KA=
X-Google-Smtp-Source: ABdhPJygjF3vgEpQ0XHTkxLkOJjjHnOscRyW7SwKgIhKlBN32S1vRR6nUNJt9Xsb825sAjywoK2GIg==
X-Received: by 2002:a05:620a:55d:: with SMTP id
 o29mr13872896qko.253.1616768237855; 
 Fri, 26 Mar 2021 07:17:17 -0700 (PDT)
Received: from mutt-hbsd (pool-100-16-222-53.bltmmd.fios.verizon.net.
 [100.16.222.53])
 by smtp.gmail.com with ESMTPSA id d68sm6798056qkf.93.2021.03.26.07.17.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 26 Mar 2021 07:17:17 -0700 (PDT)
Date: Fri, 26 Mar 2021 10:17:16 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: freebsd-security@freebsd.org
Cc: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Message-ID: <20210326141716.zurvwj7octagfupg@mutt-hbsd>
X-Operating-System: FreeBSD mutt-hbsd 14.0-CURRENT-HBSD FreeBSD
 14.0-CURRENT-HBSD 
X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
References: <20210326000523.F2C6E6428@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="cvk4vgbn3huamglj"
Content-Disposition: inline
In-Reply-To: <20210326000523.F2C6E6428@freefall.freebsd.org>
X-Rspamd-Queue-Id: 4F6PDv0F5bz4kSB
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=hardenedbsd.org header.s=google header.b=hFfoWiF6;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of shawn.webb@hardenedbsd.org designates
 2607:f8b0:4864:20::72d as permitted sender)
 smtp.mailfrom=shawn.webb@hardenedbsd.org
X-Spamd-Result: default: False [-4.97 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[hardenedbsd.org:+];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.87)[-0.871];
 SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::72d:from];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 RECEIVED_SPAMHAUS_PBL(0.00)[100.16.222.53:received];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google];
 FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000];
 MIME_GOOD(-0.20)[multipart/signed,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 DMARC_NA(0.00)[hardenedbsd.org];
 SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::72d:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::72d:from];
 MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_ALL(0.00)[];
 MAILMAN_DEST(0.00)[freebsd-security]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Mar 2021 14:17:19 -0000


--cvk4vgbn3huamglj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 26, 2021 at 12:05:23AM +0000, FreeBSD Security Advisories wrote:
> A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omi=
ts
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension results =
in a
> NULL pointer dereference in the server. [CVE-2021-3449]
>=20
> III. Impact
>=20
> The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
> non-CA certificates must not be able to issue other certificates.
>=20
> The renegotiation issue can result in a crash and a denial of service att=
ack.

Hey all,

Has anyone looked at if/how setting map_at_zero=3D1 impacts the null ptr
deref issue?

Thanks,

--=20
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A=
4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

--cvk4vgbn3huamglj
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmBd7OkACgkQ/y5nonf4
4frrmxAAlzyafFUlwtJ5soaz2J9of7fdiKJ3PwrJvlwDmSoPtJya2omD9pX0IL7f
OLkTFCzWMjrkRvjpKU8ZUzfQEST9eeVvRrMxysiT+SMC1OxB7RK4+WCzZ0lJEJNz
lxn/BvFPABa2k4jGiZTfghW3BiCYiwBmHcptc0xqO3r9Ng9OqBdYwUFrar/ByCgC
vZMSPpPJ65LxOvFn3vnw3geZZ2MF0+zvyJ3FN352g+t+GpB/HSBLY55x1Fb+kj2M
hQvLdFH8h9SelV9Wtny1fi/tecZgFR8ZL/C7A/tFMAQ9fqASDXmCTy4vGgfaqvpx
dpnr6ZZLuXdz2dWgttP0Pgf7xGi7yfV4z+74aBVQx0zoJdZElgjToOVc/HubDt3T
SZ9QLv2b5yJikS2DAZZI7nYfWaeJiDmBGVi9aPEFJyU3pdYkJlEeTpbIB9+JFJsn
OrVrg7DuaAAEdxItHAhYn7sjLP/l1b9cn8PEbpjYJ5+L8hiBywg+ARnxy/hy4HfO
rw6yqmHb59YZT7a9Gt1wnguNZEEglD28WCFDAbdBqRon0orofLQde4rRm4O6Od8z
kTpr10ZpAhYnOceTZsIq3QmqPy7YD2DBaZJJ8sVCyQhM4k0w9DnlxE6dbxC8VUCs
Uj7G6/RgbCL50M8lCoSJO+16ri9VCQAZh/Y6PL7B6sfgjE/qqBo=
=Iba9
-----END PGP SIGNATURE-----

--cvk4vgbn3huamglj--