oss-security - Re: Use-after-free race condition,in OpenSSL's read buffer

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Sun, 13 Apr 2014 07:40:31 +0000
From: mancha <mancha1@...o.com>
To: oss-security@...ts.openwall.com
Subject: Re: Use-after-free race condition,in OpenSSL's read
 buffer

On Sun, Apr 13, 2014 at 10:44:54AM +0400, Solar Designer wrote:
> On Sat, Apr 12, 2014 at 09:47:49PM -0600, Scotty Bauer wrote:
> > Patch is available at:
> > http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
> 
> Some context to this:
> 
> http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
> 
> This specific patch is found in Benson Kwok's bug report:
> 
> https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest

A little more context:

This is effectively a NOP unless OpenSSL is compiled with
-DOPENSSL_NO_BUF_FREELIST. Here's another ticket with a
similar solution:

https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest

--mancha

Content of type "application/pgp-signature" skipped

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.