Date: Fri, 5 Oct 2007 09:35:23 -0700 From: Gregory Shapiro <gshapiro@freebsd.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL bufffer overflow Message-ID: <20071005163523.GN477@monkeyboy.local> In-Reply-To: <200710051613.l95GD8C0022932@lava.sentex.ca> References: <46FD7595.8090506@FreeBSD.org> <200710032349.l93Nn8Co011720@lava.sentex.ca> <20071005160502.GA1222@zaphod.nitro.dk> <200710051613.l95GD8C0022932@lava.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
> Thanks! I did the same grep, but wasnt sure whether or not that particular > function (SSL_get_shared_ciphers) got called by another function in OpenSSL > which was originally called by some of the big apps like sendmail,apache > and sshd When I last researched this when the first problem with that function was announced, no other functions inside OpenSSL called it. That still appears to be the case: /usr/src/crypto/openssl> grep -R SSL_get_shared_ciphers . ./apps/s_client.c: p=SSL_get_shared_ciphers(s,buf,sizeof buf); ./apps/s_server.c: if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) ./apps/s_server.c: p=SSL_get_shared_ciphers(con,buf,bufsize); ./doc/ssleay.txt:SSL_get_shared_ciphers ./doc/ssl/ssl.pod:=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len); ./ssl/ssl.h:char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); ./ssl/ssl_lib.c:char *SSL_get_shared_ciphers(SSL *s,char *buf,int len) ./util/ssleay.num:SSL_get_shared_ciphers 65 EXIST::FUNCTION: Also, sendmail does not use it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071005163523.GN477>