Date: Mon, 1 Aug 2016 19:58:52 -0400
From: Shawn Webb
To: Conrad Meyer
Cc: src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org, "secteam@FreeBSD.org", ecturt@gmail.com
Subject: Re: svn commit: r303650 - head/sys/opencrypto
Message-ID: <20160801235852.GH7956@mutt-hardenedbsd>
References: <201608012257.u71Mv3YA030076@repo.freebsd.org>

Adding CTurt to see if he wants to take a stab at writing a PoC exploit.
It'd be cool for an offensive researcher to determine if it's simply a
DoS. But regardless, a security fix is a security fix.
All currently-supported branches really should be updated.

Thanks,

Shawn

On Mon, Aug 01, 2016 at 04:41:02PM -0700, Conrad Meyer wrote:
> Hey Shawn,
>
> I don't think this is security-related despite being a bug in
> crypto-adjacent code. At best it's a DoS, I think.
>
> Cheers,
> Conrad
>
> On Mon, Aug 1, 2016 at 4:15 PM, Shawn Webb wrote:
> > On August 1, 2016 6:57:03 PM EDT, "Conrad E. Meyer" wrote:
> >>Author: cem
> >>Date: Mon Aug 1 22:57:03 2016
> >>New Revision: 303650
> >>URL: https://svnweb.freebsd.org/changeset/base/303650
> >>
> >>Log:
> >>  opencrypto AES-ICM: Fix heap corruption typo
> >>
> >>  This error looks like it was a simple copy-paste typo in the original commit
> >>  for this code (r275732).
> >>
> >>  PR: 204009
> >>  Reported by: Chang-Hsien Tsai
> >>  Sponsored by: EMC / Isilon Storage
> >
> > Since cem@ refuses to MFC even security fixes, can someone with a commit bit
> > please MFC this within normal security-related MFC timeframe? Additionally,
> > does a security advisory need to be sent out? CC'ing secteam@.
> >
> > Thanks,
> >
> > Shawn
> >
> > --
> > Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE