Date:      Wed, 23 Apr 2014 01:42:11 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r351906 - in branches/2014Q2/security/openssl: . files
Message-ID:  <201404230142.s3N1gBmi048805@svn.freebsd.org>

Author: bdrewery
Date: Wed Apr 23 01:42:11 2014
New Revision: 351906
URL: http://svnweb.freebsd.org/changeset/ports/351906
QAT: https://qat.redports.org/buildarchive/r351906/

Log:
  MFH: r351191
  
  - fix a 4 year old "use-after-free" problem
  https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
  http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
  Obtained from:	OpenBSD

Added:
  branches/2014Q2/security/openssl/files/patch-ssl-s3_pkt.c
     - copied unchanged from r351191, head/security/openssl/files/patch-ssl-s3_pkt.c
Modified:
  branches/2014Q2/security/openssl/Makefile
Directory Properties:
  branches/2014Q2/   (props changed)

Modified: branches/2014Q2/security/openssl/Makefile
==============================================================================
--- branches/2014Q2/security/openssl/Makefile	Wed Apr 23 01:29:25 2014	(r351905)
+++ branches/2014Q2/security/openssl/Makefile	Wed Apr 23 01:42:11 2014	(r351906)
@@ -4,7 +4,7 @@
 PORTNAME=	openssl
 PORTVERSION=	1.0.1
 DISTVERSIONSUFFIX=	g
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
 		ftp://ftp.openssl.org/%SUBDIR%/ \

Copied: branches/2014Q2/security/openssl/files/patch-ssl-s3_pkt.c (from r351191, head/security/openssl/files/patch-ssl-s3_pkt.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2014Q2/security/openssl/files/patch-ssl-s3_pkt.c	Wed Apr 23 01:42:11 2014	(r351906, copy of r351191, head/security/openssl/files/patch-ssl-s3_pkt.c)
@@ -0,0 +1,13 @@
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+--- ssl/s3_pkt.c	(revision 264309)
++++ ssl/s3_pkt.c	(working copy)
+@@ -1055,7 +1055,7 @@ start:
+				{
+				s->rstate=SSL_ST_READ_HEADER;
+				rr->off=0;
+-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+					ssl3_release_read_buffer(s);
+				}
+			}
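
Review bot: The changed `if` in the `ssl/s3_pkt.c` hunk mixes `&` and `&&` without parentheses. It parses as intended because `&` binds tighter than `&&`, but `if ((s->mode & SSL_MODE_RELEASE_BUFFERS) && s->s3->rbuf.left == 0)` makes the grouping explicit and harder to break in a later edit. The added `s->s3->rbuf.left == 0` test also has no comment; since the log describes this as a use-after-free fix, one line stating that the read buffer must not be released while `rbuf.left` is non-zero would keep the guard from being dropped as redundant. Separately, the embedded `Index:` line names `crypto/openssl/ssl/s3_pkt.c` while the `---`/`+++` lines use `ssl/s3_pkt.c`; making the two agree would avoid confusion about which tree the patch was generated against.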


