Date: Sun, 13 Apr 2014 21:18:43 -0700 From: Cy Schubert <Cy.Schubert@komquats.com> To: Dirk Meyer <dinoex@FreeBSD.org>, so@freebsd.org, benl@freebsd.org Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, Gleb Smirnoff <glebius@FreeBSD.org>, ports-committers@freebsd.org Subject: Re: svn commit: r351191 - in head/security/openssl: . files Message-ID: <201404140418.s3E4Ihdp016237@slippy.cwsent.com> In-Reply-To: Message from Dirk Meyer <dinoex@FreeBSD.org> of "Sun, 13 Apr 2014 08:40:14 -0000." <201404130840.s3D8eE1X031490@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <201404130840.s3D8eE1X031490@svn.freebsd.org>, Dirk Meyer writes: > Author: dinoex > Date: Sun Apr 13 08:40:13 2014 > New Revision: 351191 > URL: http://svnweb.freebsd.org/changeset/ports/351191 > QAT: https://qat.redports.org/buildarchive/r351191/ > > Log: > - fix a 4 year old "use-after-free" problem > https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest > http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse > http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch > Obtained from: OpenBSD > > Added: > head/security/openssl/files/patch-ssl-s3_pkt.c (contents, props changed) > Modified: > head/security/openssl/Makefile > > Modified: head/security/openssl/Makefile > ============================================================================= > = > --- head/security/openssl/Makefile Sun Apr 13 08:34:32 2014 (r35119 > 0) > +++ head/security/openssl/Makefile Sun Apr 13 08:40:13 2014 (r35119 > 1) > @@ -4,7 +4,7 @@ > PORTNAME= openssl > PORTVERSION= 1.0.1 > DISTVERSIONSUFFIX= g > -PORTREVISION= 10 > +PORTREVISION= 11 > CATEGORIES= security devel > MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ > ftp://ftp.openssl.org/%SUBDIR%/ \ > > Added: head/security/openssl/files/patch-ssl-s3_pkt.c > ============================================================================= > = > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/openssl/files/patch-ssl-s3_pkt.c Sun Apr 13 08:40:13 201 > 4 (r351191) > @@ -0,0 +1,13 @@ > +Index: crypto/openssl/ssl/s3_pkt.c > +=================================================================== > +--- ssl/s3_pkt.c (revision 264309) > ++++ ssl/s3_pkt.c (working copy) > +@@ -1055,7 +1055,7 @@ start: > + { > + s->rstate=SSL_ST_READ_HEADER; > + rr->off=0; > +- if (s->mode & SSL_MODE_RELEASE_BUFFERS) > ++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3 > ->rbuf.left == 0) > + ssl3_release_read_buffer(s); > + } > + } > > I don't see this in base. Would this not be a good candidate for openssl in base? -- Cheers, Cy Schubert <Cy.Schubert@komquats.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404140418.s3E4Ihdp016237>