Date: Wed, 14 May 2014 03:36:46 +0400 From: Andrey Chernov <ache@freebsd.org> To: Xin LI <delphij@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: Re: svn commit: r265986 - stable/10/crypto/openssl/ssl Message-ID: <5372AC8E.1070507@freebsd.org> In-Reply-To: <201405132319.s4DNJH7T055013@svn.freebsd.org> References: <201405132319.s4DNJH7T055013@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14.05.2014 3:19, Xin LI wrote: > Author: delphij > Date: Tue May 13 23:19:16 2014 > New Revision: 265986 > URL: http://svnweb.freebsd.org/changeset/base/265986 > > Log: > Fix OpenSSL NULL pointer deference vulnerability. > > Obtained from: OpenBSD > Security: FreeBSD-SA-14:09.openssl > Security: CVE-2014-0198 Official fix is a bit different: https://github.com/openssl/openssl/commit/b107586c0c3447ea22dba8698ebbcd81bb29d48c from https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 Do we follow official branch or OpenBSD fixes? > > Modified: > stable/10/crypto/openssl/ssl/s3_pkt.c > > Modified: stable/10/crypto/openssl/ssl/s3_pkt.c > ============================================================================== > --- stable/10/crypto/openssl/ssl/s3_pkt.c Tue May 13 23:17:24 2014 (r265985) > +++ stable/10/crypto/openssl/ssl/s3_pkt.c Tue May 13 23:19:16 2014 (r265986) > @@ -657,6 +657,10 @@ static int do_ssl3_write(SSL *s, int typ > if (i <= 0) > return(i); > /* if it went, fall through and send more stuff */ > + /* we may have released our buffer, so get it again */ > + if (wb->buf == NULL) > + if (!ssl3_setup_write_buffer(s)) > + return -1; > } > > if (len == 0 && !create_empty_fragment) > -- http://ache.vniz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5372AC8E.1070507>