authorColin Percival <cperciva@FreeBSD.org>2006-09-29 13:46:41 +0000
committerColin Percival <cperciva@FreeBSD.org>2006-09-29 13:46:41 +0000
commit03de91198524923dce0f9f58d5af77235f340e5e (patch)
treeef4566808b7cdca7dab3c0df958831d73c238bfb
parent30a6ffb3330a4ce39d12906a7dda5c4d9ed91dc3 (diff)
Correct problem in the 2006-09-28 patch concerning the handling of
excessively large DH moduli.

Reported by: Steve Kiernan (Juniper SIRT)
Security: FreeBSD-SA-06:23.openssl
Approved by: so (cperciva)
Notes
Notes: svn path=/releng/4.11/; revision=162788
-rw-r--r--UPDATING4
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c2
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 6 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 298f43522cc3..9d8e698a281f 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20060929: p24 FreeBSD-SA-06:23.openssl
+ Correct problem in the 2006-09-28 patch concerning the handling of
+ excessively large DH moduli.
+
20060928: p23 FreeBSD-SA-06:23.openssl
Correct multiple vulnerabilities in crypto(3).
Limit the size of public keys used in order to protect applications
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 649aa5cffde4..3faf94a7f704 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -165,7 +165,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
{
DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
- goto err;
+ return -1;
}
ctx = BN_CTX_new();
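Review bot: The new `return -1;` in the modulus-size check skips the function's `err` cleanup label without saying why, and a later maintainer could easily "tidy" it back into `goto err`. The early return looks deliberate because `ctx` is first assigned on the line after this block, so the cleanup path would have run on a context that does not exist yet. I would add a comment above the return such as `/* ctx is not allocated yet; do not jump to the err cleanup */`. If the declaration (outside this hunk) leaves `ctx` uninitialized, setting it to `NULL` there would also protect future early exits, provided the cleanup code tolerates a NULL context, which is not visible here. compute_key's body starts before and continues past this hunk.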
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index ea79e0a96281..611c435c38dd 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.11"
-BRANCH="RELEASE-p23"
+BRANCH="RELEASE-p24"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"