Small patch to 5.4 OpenSSL patch

Thu, 26 Mar 2015 12:36:14 -0700 

Hey tech,

This is a patch for:

    http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/016_openssl.patch

The closing parenthesis was left off.

Thanks,

Brad

rbt@teal:~/Downloads$ cat openbsd_5.4_016_openssl.patch
--- 016_openssl.patch 2015-03-26 13:48:44.776479245 -0400
+++ 016_openssl.patch.rbt 2015-03-26 13:49:38.800480259 -0400
@@ -5,7 +5,7 @@

 Apply patch using:

- cat 016_openssl.patch | (cd /usr/src && patch -p0
+ cat 016_openssl.patch | (cd /usr/src && patch -p0)

 Then build and install libssl

OpenBSD 5.4 errata 16, Oct 20, 2014

Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.

Apply patch using:

	cat 016_openssl.patch | (cd /usr/src && patch -p0

Then build and install libssl

    cd /usr/src/lib/libssl/ssl
    make obj
    make
    make install


Index: lib/libssl/src/ssl/d1_srtp.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_srtp.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 d1_srtp.c
--- lib/libssl/src/ssl/d1_srtp.c	13 Oct 2012 21:23:49 -0000	1.1.1.1
+++ lib/libssl/src/ssl/d1_srtp.c	17 Oct 2014 19:57:51 -0000
@@ -213,6 +213,7 @@ static int ssl_ctx_make_profiles(const c
 		else
 			{
 			SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+			sk_SRTP_PROTECTION_PROFILE_free(profiles);
 			return 1;
 			}
 
Index: lib/libssl/src/ssl/t1_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.12.8.2
diff -u -p -r1.12.8.2 t1_lib.c
--- lib/libssl/src/ssl/t1_lib.c	9 Aug 2014 16:54:58 -0000	1.12.8.2
+++ lib/libssl/src/ssl/t1_lib.c	17 Oct 2014 19:56:17 -0000
@@ -2188,8 +2188,10 @@ static int tls_decrypt_ticket(SSL *s, co
 	HMAC_Update(&hctx, etick, eticklen);
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);
-	if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen))
+	if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) {
+		EVP_CIPHER_CTX_cleanup(&ctx);
 		return 2;
+	}
 	/* Attempt to decrypt session data */
 	/* Move p after IV to start of encrypted ticket, update length */
 	p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);

Attachment: 016_openssl.patch.rbt
Description: Binary data

--- 016_openssl.patch	2015-03-26 13:48:44.776479245 -0400
+++ 016_openssl.patch.rbt	2015-03-26 13:49:38.800480259 -0400
@@ -5,7 +5,7 @@
 
 Apply patch using:
 
-	cat 016_openssl.patch | (cd /usr/src && patch -p0
+	cat 016_openssl.patch | (cd /usr/src && patch -p0)
 
 Then build and install libssl

Reply via email to