[Midnightbsd-cvs] src [7430] trunk: fix 3 security issues with OpenSSL
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Jan 14 19:19:00 EST 2016
Revision: 7430
http://svnweb.midnightbsd.org/src/?rev=7430
Author: laffer1
Date: 2016-01-14 19:19:00 -0500 (Thu, 14 Jan 2016)
Log Message:
-----------
fix 3 security issues with OpenSSL
Modified Paths:
--------------
trunk/UPDATING
trunk/crypto/openssl/crypto/asn1/tasn_dec.c
trunk/crypto/openssl/crypto/rsa/rsa_ameth.c
Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING 2016-01-15 00:17:48 UTC (rev 7429)
+++ trunk/UPDATING 2016-01-15 00:19:00 UTC (rev 7430)
@@ -1,6 +1,18 @@
Updating Information for MidnightBSD users.
20160114:
+ OpenSSL
+
+ The signature verification routines will crash with a NULL pointer dereference
+ if presented with an ASN.1 signature using the RSA PSS algorithm and absent
+ mask generation function parameter. [CVE-2015-3194]
+
+ When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak
+ memory. [CVE-2015-3195]
+
+ If PSK identity hints are received by a multi-threaded client then the values
+ are incorrectly updated in the parent SSL_CTX structure. [CVE-2015-3196]
+
Fix security on bsnmpd configuration file during installation.
TCP MD5 signature denial of service
Modified: trunk/crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2016-01-15 00:17:48 UTC (rev 7429)
+++ trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2016-01-15 00:19:00 UTC (rev 7430)
@@ -180,6 +180,8 @@
int otag;
int ret = 0;
ASN1_VALUE **pchptr, *ptmpval;
+ int combine = aclass & ASN1_TFLG_COMBINE;
+ aclass &= ~ASN1_TFLG_COMBINE;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
@@ -500,7 +502,8 @@
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
err:
- ASN1_item_ex_free(pval, it);
+ if (combine == 0)
+ ASN1_item_ex_free(pval, it);
if (errtt)
ERR_add_error_data(4, "Field=", errtt->field_name,
", Type=", it->sname);
@@ -689,7 +692,7 @@
} else {
/* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, 0, opt, ctx);
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
Modified: trunk/crypto/openssl/crypto/rsa/rsa_ameth.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_ameth.c 2016-01-15 00:17:48 UTC (rev 7429)
+++ trunk/crypto/openssl/crypto/rsa/rsa_ameth.c 2016-01-15 00:19:00 UTC (rev 7430)
@@ -279,7 +279,7 @@
if (pss->maskGenAlgorithm) {
ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
- && param->type == V_ASN1_SEQUENCE) {
+ && param && param->type == V_ASN1_SEQUENCE) {
p = param->value.sequence->data;
plen = param->value.sequence->length;
*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
More information about the Midnightbsd-cvs
mailing list