From owner-freebsd-security@FreeBSD.ORG Fri Oct 5 17:10:04 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6457216A417 for ; Fri, 5 Oct 2007 17:10:04 +0000 (UTC) (envelope-from gshapiro@freebsd.org) Received: from gir.gshapiro.net (gir.gshapiro.net [209.246.26.16]) by mx1.freebsd.org (Postfix) with ESMTP id 46C4813C45D for ; Fri, 5 Oct 2007 17:10:04 +0000 (UTC) (envelope-from gshapiro@freebsd.org) Received: from monkeyboy.local (c-67-164-3-230.hsd1.ca.comcast.net [67.164.3.230]) (authenticated bits=128) by gir.gshapiro.net (8.14.2.Alpha1/8.14.1) with ESMTP id l95GbEGO018113 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 5 Oct 2007 09:37:17 -0700 (PDT) (envelope-from gshapiro@freebsd.org) X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 gir.gshapiro.net l95GbEGO018113 Date: Fri, 5 Oct 2007 09:35:23 -0700 From: Gregory Shapiro To: Mike Tancsa Message-ID: <20071005163523.GN477@monkeyboy.local> References: <46FD7595.8090506@FreeBSD.org> <200710032349.l93Nn8Co011720@lava.sentex.ca> <20071005160502.GA1222@zaphod.nitro.dk> <200710051613.l95GD8C0022932@lava.sentex.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200710051613.l95GD8C0022932@lava.sentex.ca> User-Agent: Mutt/1.5.16 (2007-06-09) X-Mailman-Approved-At: Fri, 05 Oct 2007 18:05:05 +0000 Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL bufffer overflow X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2007 17:10:04 -0000 > Thanks! I did the same grep, but wasnt sure whether or not that particular > function (SSL_get_shared_ciphers) got called by another function in OpenSSL > which was originally called by some of the big apps like sendmail,apache > and sshd When I last researched this when the first problem with that function was announced, no other functions inside OpenSSL called it. That still appears to be the case: /usr/src/crypto/openssl> grep -R SSL_get_shared_ciphers . ./apps/s_client.c: p=SSL_get_shared_ciphers(s,buf,sizeof buf); ./apps/s_server.c: if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) ./apps/s_server.c: p=SSL_get_shared_ciphers(con,buf,bufsize); ./doc/ssleay.txt:SSL_get_shared_ciphers ./doc/ssl/ssl.pod:=item char *B(SSL *ssl, char *buf, int len); ./ssl/ssl.h:char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); ./ssl/ssl_lib.c:char *SSL_get_shared_ciphers(SSL *s,char *buf,int len) ./util/ssleay.num:SSL_get_shared_ciphers 65 EXIST::FUNCTION: Also, sendmail does not use it.