From owner-freebsd-stable@FreeBSD.ORG Thu Apr 10 23:25:48 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8BF0B3EA for ; Thu, 10 Apr 2014 23:25:48 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 6BB3B11DB for ; Thu, 10 Apr 2014 23:25:48 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [69.198.165.132]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 898A53D4A; Thu, 10 Apr 2014 16:25:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1397172347; bh=C0ZniELyzIrNjCz77oTDQM2kBz5yatkWwPgmoIU4Wyc=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To; b=ynEsgYlUd4kynvqn7eTlV2CJGiZOjPoRpd4/rnU1RHEL34FgRTz7h7x7m49U0ZEt1 EHBLdZLLzyK5nzaosQYhL8Z/u9N47fyN/wetVVw10kP5BEWKHfoJPIItbjpz5tXjr3 /NLVhEvzkcR00NGlfklVrkg5u6a2umEZj1VobBNM= Message-ID: <5347287B.9010900@delphij.net> Date: Thu, 10 Apr 2014 16:25:47 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: FreeBSD stable Subject: Re: OpenSSL CVE-2014-0160 (openssl) in 10-STABLE workaround? References: <20140408180026.GC2676@e-Gitt.NET> In-Reply-To: <20140408180026.GC2676@e-Gitt.NET> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: d@delphij.net List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Apr 2014 23:25:48 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 04/08/14 11:00, Oliver Brandmueller wrote: > Would it probably help (with the performance impact in mind) to set > malloc option junk:true to lower the risk of leakting > information? [...] > Anyone with better insights could comment on that? Neither will help for CVE-2014-0160. It's not the buffer newly allocated didn't get initialized, it's reading beyond boundary of another buffer and thus these mitigation at allocation side have nothing to do with the problem. Hope this helps. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTRyh6AAoJEJW2GBstM+nsg6gP/RLb6lH9dY07IRIUHLIfnE1a dzVmVnehS3KCkI6YZJLQSSaTSi48TRNttQMw1skNVffpQ6Xnk8aT8TIQI6YE61I0 m2DhXzcFylCyFpv2rOy0Y6c90uHoE98fwI2k1qA9cV4hxHN9M0hL1HxX35Wt1Sy/ vXcnbh4YUu17Pnu7t8irEcCI/Q+iz9Xqmjp9FzUT4+il5Ti4kmOerbGV7CKl+3Gj kJApWKkZAavIqDCP8NthwJsK/eH1CRefU1HGMfAFwU7qd4XOaS655oPLS53lGPeK r2wXzN2oKlXDchO2gvacGipDQN8QLNqfzPnMEwCvwaCsBcNYJt6suyXdYS+M8HWs AwRsR4KeS+EF8a5OMjCFOUCSVkg5E88E6ZtwgmIehZyKRZIncY1E1QaMw2ys9kWX Dy4MKGsSjmEoa2Gq/IGZQ9rY44scV8HysVo2V6JY7fQZm1s+EO5MjLcRooXiKeL0 GvM+pMTXNCfU5eXnkBW2vLKNrtbY7gFuhcTY/ixKCeu/WZ0SuwwgxXGGUHazsOS0 1Wl1Y7hjZao3CMDiaR0RUW43rSk9hxW/MMrh5+29kCoPERFeh3NCPqkdP4Wk+HiT 8PZzcBmJGiC26vJRWCSotMLCYwKSBuIQf+OlOgIs+9ZXcph36JowMz3GffP1ezbB 1pZOwklyRdMn5lhbtXdN =Et0+ -----END PGP SIGNATURE-----