aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2017-02-23 07:12:18 +0000
committerXin LI <delphij@FreeBSD.org>2017-02-23 07:12:18 +0000
commit2d3b72967304053eabdd84ff45b55b7c46e26b7c (patch)
tree4cefbc53a1b7df7cb45a471b65d3b2be5d57c692
parentbb70217cc3f491255d1ffe5384d327d8eec12ac7 (diff)
downloadsrc-2d3b72967304053eabdd84ff45b55b7c46e26b7c.tar.gz
src-2d3b72967304053eabdd84ff45b55b7c46e26b7c.zip
Fix OpenSSL RC4_MD5 cipher vulnerability.
Approved by: so
Notes
Notes: svn path=/releng/10.3/; revision=314126
-rw-r--r--UPDATING4
-rw-r--r--crypto/openssl/crypto/evp/e_rc4_hmac_md5.c2
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 7 insertions, 1 deletions
diff --git a/UPDATING b/UPDATING
index d7a689ae8911..51fe757c6ec2 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20170223 p17 FreeBSD-SA-17:02.openssl
+
+ Fix OpenSSL RC4_MD5 cipher vulnerability.
+
20170111 p16 FreeBSD-SA-17:01.openssh
Fix multiple vulnerabilities of OpenSSH.
diff --git a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
index 2da11178294d..ca539132ce64 100644
--- a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -267,6 +267,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1];
if (!ctx->encrypt) {
+ if (len < MD5_DIGEST_LENGTH)
+ return -1;
len -= MD5_DIGEST_LENGTH;
p[arg - 2] = len >> 8;
p[arg - 1] = len;
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 581ada023c68..0cf92774cf79 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.3"
-BRANCH="RELEASE-p16"
+BRANCH="RELEASE-p17"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi