diff options
| author | dinoex <dinoex@FreeBSD.org> | 2014-04-13 16:40:13 +0800 |
|---|---|---|
| committer | dinoex <dinoex@FreeBSD.org> | 2014-04-13 16:40:13 +0800 |
| commit | 5dcc33ec3f49e463c81acc134241caf5916e9cff (patch) | |
| tree | 35af7b28af66df3573a373dd6ef4058e05ac97fa /security | |
| parent | 0ec77b2f126867e94b3eaa41836e599a4a15b5c3 (diff) | |
| download | freebsd-ports-gnome-5dcc33ec3f49e463c81acc134241caf5916e9cff.tar.gz freebsd-ports-gnome-5dcc33ec3f49e463c81acc134241caf5916e9cff.tar.zst freebsd-ports-gnome-5dcc33ec3f49e463c81acc134241caf5916e9cff.zip | |
- fix a 4 year old "use-after-free" problem
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
Obtained from: OpenBSD
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssl/Makefile | 2 | ||||
| -rw-r--r-- | security/openssl/files/patch-ssl-s3_pkt.c | 13 |
2 files changed, 14 insertions, 1 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 74574890807b..a981a639d475 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.1 DISTVERSIONSUFFIX= g -PORTREVISION= 10 +PORTREVISION= 11 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ diff --git a/security/openssl/files/patch-ssl-s3_pkt.c b/security/openssl/files/patch-ssl-s3_pkt.c new file mode 100644 index 000000000000..90d5e2c3b230 --- /dev/null +++ b/security/openssl/files/patch-ssl-s3_pkt.c @@ -0,0 +1,13 @@ +Index: crypto/openssl/ssl/s3_pkt.c +=================================================================== +--- ssl/s3_pkt.c (revision 264309) ++++ ssl/s3_pkt.c (working copy) +@@ -1055,7 +1055,7 @@ start: + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; +- if (s->mode & SSL_MODE_RELEASE_BUFFERS) ++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) + ssl3_release_read_buffer(s); + } + } |