freebsd security - Apr 2014 - OpenSSL followup SSL_MODE_RELEASE_BUFFERS

Hi,

apparentyly openbsd has more or less silently fixed an older openssl issue that
has been stuck in the openssl bug tracker:

The openbsd patch:

     http://www.openbsd.org/errata55.html#004_openssl

     http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig

The original issue:

     http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse

Here is the openssl bug:

     http://rt.openssl.org/Ticket/Display.html?id=2167

The patch;

     diff -u -p -u -r1.20 -r1.20.4.1
     --- lib/libssl/src/ssl/s3_pkt.c	27 Feb 2014 21:04:57 -0000	1.20
     +++ lib/libssl/src/ssl/s3_pkt.c	12 Apr 2014 17:01:14 -0000	1.20.4.1
     @@ -1054,7 +1054,7 @@ start:
 				    {
 				    s->rstate=SSL_ST_READ_HEADER;
 				    rr->off=0;
     -				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
     +				if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
s->s3->rbuf.left == 0)
 					    ssl3_release_read_buffer(s);
 				    }
 			    }

Can somebody rattle openssl upstream to get them to comment on this ?

Should freebsd roll out a patch ?

Greetings
Christian

-- 
Christian Kratzer                   CK Software GmbH
Email:   ck at cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/

On 13/04/2014 6:09 PM, Christian Kratzer wrote:
> Hi,
>
> apparentyly openbsd has more or less silently fixed an older openssl
> issue that has been stuck in the openssl bug tracker:
>
> The openbsd patch:
>
>     http://www.openbsd.org/errata55.html#004_openssl
>
>    
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
>
> The original issue:
>
>    
> http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
>
> Here is the openssl bug:
>
>     http://rt.openssl.org/Ticket/Display.html?id=2167
>
> The patch;
>
>     diff -u -p -u -r1.20 -r1.20.4.1
>     --- lib/libssl/src/ssl/s3_pkt.c    27 Feb 2014 21:04:57 -0000    1.20
>     +++ lib/libssl/src/ssl/s3_pkt.c    12 Apr 2014 17:01:14 -0000   
> 1.20.4.1
>     @@ -1054,7 +1054,7 @@ start:
>                     {
>                     s->rstate=SSL_ST_READ_HEADER;
>                     rr->off=0;
>     -                if (s->mode & SSL_MODE_RELEASE_BUFFERS)
>     +                if (s->mode & SSL_MODE_RELEASE_BUFFERS
&&
> s->s3->rbuf.left == 0)
>                         ssl3_release_read_buffer(s);
>                     }
>                 }
>
> Can somebody rattle openssl upstream to get them to comment on this ?
>
> Should freebsd roll out a patch ?
>
> Greetings
> Christian
>
Thank-you Dirk for promptly deploying the patch to openssl port:
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup

Regards, Dewayne