Date:      Sun, 13 Apr 2014 08:40:14 +0000 (UTC)
From:      Dirk Meyer <dinoex@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r351191 - in head/security/openssl: . files
Message-ID:  <201404130840.s3D8eE1X031490@svn.freebsd.org>

Author: dinoex
Date: Sun Apr 13 08:40:13 2014
New Revision: 351191
URL: http://svnweb.freebsd.org/changeset/ports/351191
QAT: https://qat.redports.org/buildarchive/r351191/

Log:
  - fix a 4 year old "use-after-free" problem
  https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
  http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
  Obtained from:	OpenBSD

Added:
  head/security/openssl/files/patch-ssl-s3_pkt.c   (contents, props changed)
Modified:
  head/security/openssl/Makefile

Modified: head/security/openssl/Makefile
==============================================================================
--- head/security/openssl/Makefile	Sun Apr 13 08:34:32 2014	(r351190)
+++ head/security/openssl/Makefile	Sun Apr 13 08:40:13 2014	(r351191)
@@ -4,7 +4,7 @@
 PORTNAME=	openssl
 PORTVERSION=	1.0.1
 DISTVERSIONSUFFIX=	g
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
 		ftp://ftp.openssl.org/%SUBDIR%/ \

Added: head/security/openssl/files/patch-ssl-s3_pkt.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/openssl/files/patch-ssl-s3_pkt.c	Sun Apr 13 08:40:13 2014	(r351191)
@@ -0,0 +1,13 @@
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+--- ssl/s3_pkt.c	(revision 264309)
++++ ssl/s3_pkt.c	(working copy)
+@@ -1055,7 +1055,7 @@ start:
+				{
+				s->rstate=SSL_ST_READ_HEADER;
+				rr->off=0;
+-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+					ssl3_release_read_buffer(s);
+				}
+			}


