aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2010-11-29 20:43:06 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2010-11-29 20:43:06 +0000
commit7a43cb98ef0937941e3f81869a1de1a39c60b901 (patch)
treee973b51a418bd2017096bee30e0b747f477da4fb
parent9738e0c840babe80b46f34c17bcd8adbff6aea70 (diff)
downloadsrc-7a43cb98ef0937941e3f81869a1de1a39c60b901.tar.gz
src-7a43cb98ef0937941e3f81869a1de1a39c60b901.zip
Fix a race condition exists in the OpenSSL TLS server extension code andreleng/7.1
a double free in the SSL client ECDH handling code. Approved by: so (simon) Security: CVE-2010-2939, CVE-2010-3864 Security: FreeBSD-SA-10:10.openssl
Notes
Notes: svn path=/releng/7.1/; revision=216063
-rw-r--r--UPDATING3
-rw-r--r--crypto/openssl/ssl/s3_clnt.c1
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 5 insertions, 1 deletions
diff --git a/UPDATING b/UPDATING
index 384447d3ab90..844e7f0012f7 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,9 @@ Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20101129: p16 FreeBSD-SA-10:10.openssl
+ Fix OpenSSL multiple vulnerabilities.
+
20101110: p15 FreeBSD-SA-10:09.pseudofs
Don't unlock a mutex which wasn't locked.
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index e52e9cadc9f5..23a07b16f650 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -1289,6 +1289,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_ecdh_tmp=ecdh;
ecdh=NULL;
BN_CTX_free(bn_ctx);
+ bn_ctx = NULL;
EC_POINT_free(srvr_ecpoint);
srvr_ecpoint = NULL;
}
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index da9a0ff3910e..1f34cd31770f 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="7.1"
-BRANCH="RELEASE-p15"
+BRANCH="RELEASE-p16"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi