Date: Thu, 28 Mar 2019 14:07:25 +0000 (UTC) From: Alexey Dokuchaev <danfe@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r497022 - in head/net/ss5: . files Message-ID: <201903281407.x2SE7Pjq071969@repo.freebsd.org>
Author: danfe Date: Thu Mar 28 14:07:25 2019 New Revision: 497022 URL: https://svnweb.freebsd.org/changeset/ports/497022 Log: - Unbreak the build against modern OpenSSL versions - Plug a few memory leaks in ss5_secure_dh_compute_key() - Remove no-op sed(1) call, it does not modify anything Added: head/net/ss5/files/patch-modules_mod__authen_SS5Supa.c (contents, props changed) Modified: head/net/ss5/Makefile Modified: head/net/ss5/Makefile ============================================================================== --- head/net/ss5/Makefile Thu Mar 28 14:07:22 2019 (r497021) +++ head/net/ss5/Makefile Thu Mar 28 14:07:25 2019 (r497022) @@ -3,6 +3,7 @@ PORTNAME= ss5 DISTVERSION= 3.8.9-8 +PORTREVISION= 1 CATEGORIES= net security MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${DISTVERSION} @@ -30,7 +31,6 @@ MAKE_ARGS+= CC="${CC}" OPTIONS_DEFINE= DOCS EXAMPLES post-patch: - @${REINPLACE_CMD} -e 's,/usr/local,${PREFIX},g' ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's,/usr/local/etc/opt/ss5,${PREFIX}/etc/ss5,' \ ${WRKSRC}/include/config.h.in Added: head/net/ss5/files/patch-modules_mod__authen_SS5Supa.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/ss5/files/patch-modules_mod__authen_SS5Supa.c Thu Mar 28 14:07:25 2019 (r497022) 
@@ -0,0 +1,120 @@
+--- modules/mod_authen/SS5Supa.c.orig 2011-08-26 12:28:01 UTC
++++ modules/mod_authen/SS5Supa.c
+@@ -188,6 +188,7 @@ static unsigned char * ss5_secure_dh_compute_key (int
+
+ DH * ss = DH_new();
+ BIGNUM * a = NULL;
++ BIGNUM *p, *g;
+ int len = 1;
+ unsigned char * public_key = NULL;
+ uint32_t len_key = 0;
+@@ -205,41 +206,85 @@ static unsigned char * ss5_secure_dh_compute_key (int
+ else
+ pid=(UINT)pthread_self();
+
+- ss->p = BN_bin2bn ((pippo->p), pippo->lenp, NULL);
+- ss->g = BN_bin2bn ((pippo->g), pippo->leng, NULL);
++ p = BN_bin2bn ((pippo->p), pippo->lenp, NULL);
++ g = BN_bin2bn ((pippo->g), pippo->leng, NULL);
++ if (p == NULL || g == NULL) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(ss);
++ return NULL;
++ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ DH_set0_pqg(ss, p, NULL, g);
++#else
++ ss->p = p;
++ ss->g = g;
++#endif
+ a = BN_bin2bn ((pippo->a), pippo->lena, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (!a || !p || !g) {
++#else
+ if (!a || !ss->p || !ss->g){
++#endif
+ if( VERBOSE() ) {
+ snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - Error when compute a, p, g",pid);
+ LOGUPDATE()
+ }
++ BN_free(a);
++ BN_free(g);
++ BN_free(p);
++ DH_free(ss);
+ return NULL;
+ }
+ do {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (DH_get0_pub_key(ss)) {
++ BN_free(DH_get0_pub_key(ss));
++ BN_free(DH_get0_priv_key(ss));
++#else
+ if (ss->pub_key){
+ BN_free(ss->pub_key);
+ BN_free(ss->priv_key);
++#endif
+ }
+ if ( DH_generate_key(ss) == 0){
+ if( VERBOSE() ) {
+ snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - Error when compute the keys",pid);
+ LOGUPDATE()
+ }
++ BN_free(a);
++ BN_free(g);
++ BN_free(p);
++ DH_free(ss);
+ return NULL;
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ } while (BN_is_negative(DH_get0_pub_key(ss)));
++
++ len_key = BN_num_bytes(DH_get0_pub_key(ss));
++#else
+ }while(ss->pub_key->neg);
+
+ len_key = BN_num_bytes(ss->pub_key);
++#endif
+ public_key = malloc(len_key);
+ if (!public_key){
+ if( VERBOSE() ) {
+ snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - malloc error",pid);
+ LOGUPDATE()
+ }
++ BN_free(a);
++ BN_free(g);
++ BN_free(p);
++ DH_free(ss);
+ return NULL;
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BN_bn2bin (DH_get0_pub_key(ss), public_key);
++#else
+ BN_bn2bin (ss->pub_key, public_key);
++#endif
+ ss5_create_dh_response(s, public_key, len_key);
+ #if 0
+ printf("B computed: len is %d\n",len_key);
+@@ -256,6 +301,10 @@ static unsigned char * ss5_secure_dh_compute_key (int
+ snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - malloc error",pid);
+ LOGUPDATE()
+ }
++ BN_free(a);
++ BN_free(g);
++ BN_free(p);
++ DH_free(ss);
+ return NULL;
+ }
+ bzero(session_key, DH_size (ss));
+@@ -266,6 +315,10 @@ static unsigned char * ss5_secure_dh_compute_key (int
+ printf("%02x ", session_key[len]);
+ printf("\n");
+ #endif
++ BN_free(a);
++ BN_free(g);
++ BN_free(p);
++ DH_free(ss);
+ return session_key;
+ }
+
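Review bot: The cleanup blocks added after `DH_set0_pqg(ss, p, NULL, g)` (or `ss->p = p; ss->g = g;` in the `#else` branch) call `BN_free(g); BN_free(p);` and then `DH_free(ss)`, but at that point `ss` owns both BIGNUMs, so `DH_free()` frees them a second time. This double free is reached on every later error return and on the normal `return session_key` path, in the second, third and fourth inner hunks. Only the first early return, taken before ownership is handed over, should free `p` and `g` itself; the later blocks should be just `BN_free(a); DH_free(ss);`. The retry loop has a related problem: it frees the values returned by `DH_get0_pub_key()` and `DH_get0_priv_key()` while `ss` still references them, leaving dangling pointers for the next `DH_generate_key(ss)`. The function body extends beyond the inner hunks, so whether `public_key` is released after `ss5_create_dh_response()` cannot be confirmed from here.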