oss-sec mailing list archives
Re: Use-after-free race condition,in OpenSSL's read buffer
From: mancha <mancha1 () zoho com>
Date: Sun, 13 Apr 2014 07:40:31 +0000
On Sun, Apr 13, 2014 at 10:44:54AM +0400, Solar Designer wrote:
On Sat, Apr 12, 2014 at 09:47:49PM -0600, Scotty Bauer wrote:Patch is available at: http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patchSome context to this: http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse This specific patch is found in Benson Kwok's bug report: https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
A little more context: This is effectively a NOP unless OpenSSL is compiled with -DOPENSSL_NO_BUF_FREELIST. Here's another ticket with a similar solution: https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest --mancha
Attachment:
_bin
Description:
Current thread:
- Use-after-free race condition,in OpenSSL's read buffer Scotty Bauer (Apr 12)
- Re: Use-after-free race condition,in OpenSSL's read buffer Solar Designer (Apr 12)
- Re: Use-after-free race condition,in OpenSSL's read buffer mancha (Apr 13)
- Re: Use-after-free race condition,in OpenSSL's read buffer cve-assign (Apr 14)
- Re: Use-after-free race condition,in OpenSSL's read buffer Solar Designer (Apr 12)