Date: Sun, 13 Apr 2014 08:40:14 +0000 (UTC) From: Dirk Meyer <dinoex@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r351191 - in head/security/openssl: . files Message-ID: <201404130840.s3D8eE1X031490@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dinoex Date: Sun Apr 13 08:40:13 2014 New Revision: 351191 URL: http://svnweb.freebsd.org/changeset/ports/351191 QAT: https://qat.redports.org/buildarchive/r351191/ Log: - fix a 4 year old "use-after-free" problem https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch Obtained from: OpenBSD Added: head/security/openssl/files/patch-ssl-s3_pkt.c (contents, props changed) Modified: head/security/openssl/Makefile Modified: head/security/openssl/Makefile ============================================================================== --- head/security/openssl/Makefile Sun Apr 13 08:34:32 2014 (r351190) +++ head/security/openssl/Makefile Sun Apr 13 08:40:13 2014 (r351191) @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.1 DISTVERSIONSUFFIX= g -PORTREVISION= 10 +PORTREVISION= 11 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ Added: head/security/openssl/files/patch-ssl-s3_pkt.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssl/files/patch-ssl-s3_pkt.c Sun Apr 13 08:40:13 2014 (r351191) @@ -0,0 +1,13 @@ +Index: crypto/openssl/ssl/s3_pkt.c +=================================================================== +--- ssl/s3_pkt.c (revision 264309) ++++ ssl/s3_pkt.c (working copy) +@@ -1055,7 +1055,7 @@ start: + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; +- if (s->mode & SSL_MODE_RELEASE_BUFFERS) ++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) + ssl3_release_read_buffer(s); + } + }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404130840.s3D8eE1X031490>