[Pkg-openssl-changes] r718 - in openssl/branches/wheezy/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Mar 19 18:05:46 UTC 2015
Author: kroeckx
Date: 2015-03-19 18:05:46 +0000 (Thu, 19 Mar 2015)
New Revision: 718
Added:
openssl/branches/wheezy/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
Modified:
openssl/branches/wheezy/debian/changelog
openssl/branches/wheezy/debian/patches/series
Log:
1.0.1e-2+deb7u16
Modified: openssl/branches/wheezy/debian/changelog
===================================================================
--- openssl/branches/wheezy/debian/changelog 2015-03-19 17:54:26 UTC (rev 717)
+++ openssl/branches/wheezy/debian/changelog 2015-03-19 18:05:46 UTC (rev 718)
@@ -1,3 +1,12 @@
+openssl (1.0.1e-2+deb7u16) wheezy-security; urgency=medium
+
+ * Revert patch 0003-Free-up-passed-ASN.1-structure-if-reused.patch, it
+ breaks nginx and doesn't have a security issue
+ * Add patch 0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
+ as follow up to CVE-2015-0209
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 19 Mar 2015 19:03:58 +0100
+
openssl (1.0.1e-2+deb7u15) wheezy-security; urgency=medium
* Fix CVE-2015-0286
Added: openssl/branches/wheezy/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch 2015-03-19 18:05:46 UTC (rev 718)
@@ -0,0 +1,74 @@
+From a4517be9e348634ac64f9cf093131e13e8c03e38 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Thu, 19 Mar 2015 10:16:32 +0000
+Subject: [PATCH 08/12] Fix a failure to NULL a pointer freed on error.
+
+Reported by the LibreSSL project as a follow on to CVE-2015-0209
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/asn1/x_x509.c | 12 +++++++++++-
+ crypto/ec/ec_asn1.c | 7 +++++--
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
+index 2644d5f..d51b76e 100644
+--- a/crypto/asn1/x_x509.c
++++ b/crypto/asn1/x_x509.c
+@@ -172,8 +172,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+ {
+ const unsigned char *q;
+ X509 *ret;
++ int freeret = 0;
++
+ /* Save start position */
+ q = *pp;
++
++ if(!a || *a == NULL) {
++ freeret = 1;
++ }
+ ret = d2i_X509(a, pp, length);
+ /* If certificate unreadable then forget it */
+ if (!ret)
+@@ -186,7 +192,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+ goto err;
+ return ret;
+ err:
+- X509_free(ret);
++ if(freeret) {
++ X509_free(ret);
++ if (a)
++ *a = NULL;
++ }
+ return NULL;
+ }
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 6ff94a3..b4b0e9f 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -1226,16 +1226,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+- if (a)
+- *a = ret;
+ } else
+ ret = *a;
+
+ if (!d2i_ECPKParameters(&ret->group, in, len)) {
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
++ if (a == NULL || *a != ret)
++ EC_KEY_free(ret);
+ return NULL;
+ }
+
++ if (a)
++ *a = ret;
++
+ return ret;
+ }
+
+--
+2.1.4
+
Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series 2015-03-19 17:54:26 UTC (rev 717)
+++ openssl/branches/wheezy/debian/patches/series 2015-03-19 18:05:46 UTC (rev 718)
@@ -89,7 +89,7 @@
0006-Fix-reachable-assert-in-SSLv2-servers.patch
0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch
0004-Fix-ASN1_TYPE_cmp.patch
-0003-Free-up-passed-ASN.1-structure-if-reused.patch
+#0003-Free-up-passed-ASN.1-structure-if-reused.patch
0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch
0001-fix-warning.patch
0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch
@@ -97,4 +97,4 @@
0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
0001-Check-public-key-is-not-NULL.patch
0001-evp-prevent-underflow-in-base64-decoding.patch
-
+0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
More information about the Pkg-openssl-changes
mailing list