oss-sec mailing list archives
Re: CVE Request: openssl double free
From: Solar Designer <solar () openwall com>
Date: Thu, 12 Aug 2010 00:33:30 +0400
On Wed, Aug 11, 2010 at 05:02:53PM +0200, Ludwig Nussel wrote:
> Georgi Guninski found a double free issue in openssl's client implementation:
> http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html
>
> The affected code also is in pre 1.0 versions but only 1.0 uses ECDH for ssl by default AFAICT.

I took a brief look at the code. ECDH was introduced somewhere between 0.9.7 and 0.9.8. 0.9.7m doesn't have it (so it was never backported to those stable releases), 0.9.8 does. The double-free bug, or at least the code being patched now, is already present in 0.9.8.

Here's the trivial patch:

http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html

which should work for 0.9.8+ (applies cleanly to 0.9.8, with an offset) and is not needed for older versions.

Alexander