Fix OpenSSL multiple vulnerabilities. - src

diff options


context:
space:
mode:

author	Xin LI <delphij@FreeBSD.org>	2015-12-05 09:53:58 +0000
committer	Xin LI <delphij@FreeBSD.org>	2015-12-05 09:53:58 +0000
commit	c800785d3a41149c2ee3644464d9436cca9c1b7d (patch)
tree	695c0ab6153909cdbd091ebfd61e21a33ef1e6c1
parent	4ee85b4f40e60d76f9812aafc3a2ecdbe3f26ebb (diff)

Notes

Diffstat

-rw-r--r--

UPDATING

-rw-r--r--

crypto/openssl/crypto/asn1/tasn_dec.c

-rw-r--r--

crypto/openssl/crypto/rsa/rsa_ameth.c

-rw-r--r--

sys/conf/newvers.sh

4 files changed, 11 insertions, 4 deletions

diff --git a/UPDATING b/UPDATING
index 93db34e8a776..df8c2a3807ec 100644
--- a/UPDATING
+++ b/UPDATING

@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of

stable/10, and then rebuild without this option. The bootstrap process from

older version of current is a bit fragile.

+20151205 p8 FreeBSD-SA-15:26.openssl

+ Fix multiple OpenSSL vulnerabilities. [SA-15:26]

20151104 p7 FreeBSD-SA-15:25.ntp [revised]

FreeBSD-EN-15:19.kqueue

FreeBSD-EN-15:20.vm

diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c
index 7fd336a40226..ac079ddd1fd1 100644
--- a/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c

@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,

int otag;

int ret = 0;

ASN1_VALUE **pchptr, *ptmpval;

+ int combine = aclass & ASN1_TFLG_COMBINE;

+ aclass &= ~ASN1_TFLG_COMBINE;

if (!pval)

return 0;

if (aux && aux->asn1_cb)

@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,

auxerr:

ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);

err:

- ASN1_item_ex_free(pval, it);

+ if (combine == 0)

+ ASN1_item_ex_free(pval, it);

if (errtt)

ERR_add_error_data(4, "Field=", errtt->field_name,

", Type=", it->sname);

@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,

} else {

/* Nothing special */

ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),

- -1, 0, opt, ctx);

+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);

if (!ret) {

ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);

goto err;

diff --git a/crypto/openssl/crypto/rsa/rsa_ameth.c b/crypto/openssl/crypto/rsa/rsa_ameth.c
index 93e071de75e2..c7f1148a1ded 100644
--- a/crypto/openssl/crypto/rsa/rsa_ameth.c
+++ b/crypto/openssl/crypto/rsa/rsa_ameth.c

@@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,

if (pss->maskGenAlgorithm) {

ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;

if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1

- && param->type == V_ASN1_SEQUENCE) {

+ && param && param->type == V_ASN1_SEQUENCE) {

p = param->value.sequence->data;

plen = param->value.sequence->length;

*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);

diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index ccc170d38993..b182f842cdda 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh

@@ -32,7 +32,7 @@

TYPE="FreeBSD"

REVISION="10.2"

-BRANCH="RELEASE-p7"

+BRANCH="RELEASE-p8"

if [ "X${BRANCH_OVERRIDE}" != "X" ]; then

BRANCH=${BRANCH_OVERRIDE}