Patches are now available to fix two remotely triggerable memory leaks
in the OpenSSL libssl library. This issue affects 5.4 and 5.5. These
issues were originally fixed in forthcoming 5.6 release (it's not
affected).
The patch for 5.5 follows.
untrusted comment: signature from openbsd 5.5 base secret key
RWRGy8gxk9N93z0uERun06gnUvsfcC1KpQB7tmX6DIhpmLZG9J7BRtekstcTAujL+VXaTpreU58UMTDACvJT4LRjREzVnZWcoA0=
OpenBSD 5.5 errata 12, Oct 20, 2014
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.
Apply patch using:
signify -Vep /etc/signify/openbsd-55-base.pub -x 012_openssl.patch.sig \
-m - | (cd /usr/src && patch -p0)
Then build and install libssl
cd /usr/src/lib/libssl/ssl
make obj
make
make install
Index: lib/libssl/src/ssl/d1_srtp.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_srtp.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 d1_srtp.c
--- lib/libssl/src/ssl/d1_srtp.c 13 Oct 2012 21:23:49 -0000 1.1.1.1
+++ lib/libssl/src/ssl/d1_srtp.c 17 Oct 2014 19:57:51 -0000
@@ -213,6 +213,7 @@ static int ssl_ctx_make_profiles(const c
else
{
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+ sk_SRTP_PROTECTION_PROFILE_free(profiles);
return 1;
}
Index: lib/libssl/src/ssl/t1_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.12.8.2
diff -u -p -r1.12.8.2 t1_lib.c
--- lib/libssl/src/ssl/t1_lib.c 9 Aug 2014 16:54:58 -0000 1.12.8.2
+++ lib/libssl/src/ssl/t1_lib.c 17 Oct 2014 19:56:17 -0000
@@ -2188,8 +2188,10 @@ static int tls_decrypt_ticket(SSL *s, co
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
- if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen))
+ if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) {
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
No comments:
Post a Comment