From 228132f23591b4cd0a4417e470618b820e278619 Mon Sep 17 00:00:00 2001 From: delphij Date: Wed, 29 Nov 2017 05:59:50 +0000 Subject: [PATCH] Fix OpenSSL out-of-bounds read vulnerability. Security: FreeBSD-SA-17:11 Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.3@326359 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 4 ++++ crypto/openssl/crypto/x509v3/v3_addr.c | 10 ++++++---- sys/conf/newvers.sh | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/UPDATING b/UPDATING index 3af542afb..1641f6137 100644 --- a/UPDATING +++ b/UPDATING @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20171129 p25 FreeBSD-SA-17:11.openssl + + Fix OpenSSL out-of-bounds read vulnerability. + 20171115 p24 FreeBSD-SA-17:08.ptrace FreeBSD-SA-17:09.shm FreeBSD-SA-17:10.kldstat diff --git a/crypto/openssl/crypto/x509v3/v3_addr.c b/crypto/openssl/crypto/x509v3/v3_addr.c index 94cfed050..8687cfcf4 100644 --- a/crypto/openssl/crypto/x509v3/v3_addr.c +++ b/crypto/openssl/crypto/x509v3/v3_addr.c @@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi) */ unsigned int v3_addr_get_afi(const IPAddressFamily *f) { - return ((f != NULL && - f->addressFamily != NULL && f->addressFamily->data != NULL) - ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) - : 0); + if (f == NULL + || f->addressFamily == NULL + || f->addressFamily->data == NULL + || f->addressFamily->length < 2) + return 0; + return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; } /* diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 67e300917..9ae8f15ec 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p24" +BRANCH="RELEASE-p25" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi -- 2.42.0