Date: Thu, 12 Aug 2010 00:33:30 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: openssl double free

On Wed, Aug 11, 2010 at 05:02:53PM +0200, Ludwig Nussel wrote:
> Georgi Guninski found a double free issue in openssl's client implementation:
> http://www.mail-archive.com/openssl-dev@...nssl.org/msg28043.html
> The affected code also is in pre 1.0 versions but only 1.0 uses ECDH
> for ssl by default AFAICT.

I took a brief look at the code.  ECDH was introduced somewhere between
0.9.7 and 0.9.8.  0.9.7m doesn't have it (so it was never backported to
those stable releases), 0.9.8 does.  The double-free bug, or at least
the code being patched now, is already present in 0.9.8.

Here's the trivial patch:

http://www.mail-archive.com/openssl-dev@...nssl.org/msg28049.html

which should work for 0.9.8+ (applies cleanly to 0.9.8, with an offset)
and is not needed for older versions.

Alexander
