[openssl/openssl] b3f0eb: Only free the read buffers if we're not using them

Matt Caswell noreply at github.com
Tue May 28 13:46:45 UTC 2024


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
      https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
  Author: Watson Ladd <watsonbladd at gmail.com>
  Date:   2024-05-28 (Tue, 28 May 2024)

  Changed paths:
    M ssl/record/rec_layer_s3.c
    M ssl/record/record.h
    M ssl/ssl_lib.c

  Log Message:
  -----------
  Only free the read buffers if we're not using them

If we're part way through processing a record, or the application has
not released all the records, then we should not free our buffers because
they are still needed.

CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

(cherry picked from commit 704f725b96aa373ee45ecfb23f6abfe8be8d9177)


  Commit: 2d05959073c4bf8803401668b9df85931a08e020
      https://github.com/openssl/openssl/commit/2d05959073c4bf8803401668b9df85931a08e020
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-05-28 (Tue, 28 May 2024)

  Changed paths:
    M ssl/record/rec_layer_s3.c
    M ssl/record/ssl3_buffer.c

  Log Message:
  -----------
  Set rlayer.packet to NULL after we've finished using it

In order to ensure we do not have a UAF we reset the rlayer.packet pointer
to NULL after we free it.

CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

(cherry picked from commit d146349171101dec3a876c13eb7a6dea32ba62ba)


  Commit: 6fef334f914abfcd988e53a32d19f01d84529f74
      https://github.com/openssl/openssl/commit/6fef334f914abfcd988e53a32d19f01d84529f74
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-05-28 (Tue, 28 May 2024)

  Changed paths:
    M test/sslbuffertest.c

  Log Message:
  -----------
  Extend the SSL_free_buffers testing

Test that attempting to free the buffers at points where they should not
be freed works as expected.

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

(cherry picked from commit 4238abc17d44383592f92d6254d89dac806ee76b)


  Commit: 1359c00e683840154760b7ba9204bad1b13dc074
      https://github.com/openssl/openssl/commit/1359c00e683840154760b7ba9204bad1b13dc074
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-05-28 (Tue, 28 May 2024)

  Changed paths:
    M test/helpers/ssltestlib.c
    M test/helpers/ssltestlib.h
    M test/sslapitest.c

  Log Message:
  -----------
  Move the ability to load the dasync engine into ssltestlib.c

The sslapitest has a helper function to load the dasync engine which is
useful for testing pipelining. We would like to have the same facility
from sslbuffertest, so we move the function to the common location
ssltestlib.c

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

(cherry picked from commit 0544c21a22f4d787e6f31d35e8f980402ac90a6d)


  Commit: d095674320c84b8ed1250715b1dd5ce05f9f267b
      https://github.com/openssl/openssl/commit/d095674320c84b8ed1250715b1dd5ce05f9f267b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2024-05-28 (Tue, 28 May 2024)

  Changed paths:
    M test/sslbuffertest.c

  Log Message:
  -----------
  Further extend the SSL_free_buffers testing

We extend the testing to test what happens when pipelining is in use.

Follow on from CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)

(cherry picked from commit 6972d5ace1275faf404e7a53e806861962f4121c)


Compare: https://github.com/openssl/openssl/compare/ec559c2a6cca...d095674320c8
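
The first two commits above describe a guard on freeing the read buffer and a reset of the packet pointer. The C model below is an added illustration of both ideas; it is not OpenSSL's code and not part of this commit notification, and the struct, its fields and all function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a TLS read path; names are illustrative only. */
typedef struct {
    unsigned char *rbuf;    /* heap read buffer */
    size_t cap;             /* capacity of rbuf */
    size_t left;            /* bytes buffered but not yet processed */
    unsigned char *packet;  /* points into rbuf while a record is parsed */
    size_t num_recs;        /* records decoded from rbuf */
    size_t curr_rec;        /* records the application has consumed */
} rlayer_model;

int model_setup(rlayer_model *rl, size_t cap)
{
    memset(rl, 0, sizeof(*rl));
    rl->rbuf = malloc(cap);
    rl->cap = rl->rbuf != NULL ? cap : 0;
    return rl->rbuf != NULL;
}

/* Part of a record arrives: the buffer now holds live data. */
int model_receive(rlayer_model *rl, const unsigned char *in, size_t n)
{
    if (rl->rbuf == NULL || n > rl->cap - rl->left)
        return 0;
    memcpy(rl->rbuf + rl->left, in, n);
    rl->packet = rl->rbuf;
    rl->left += n;
    return 1;
}

/* Record fully parsed: hand it to the application and drop the alias. */
void model_record_done(rlayer_model *rl)
{
    rl->left = 0;
    rl->packet = NULL;      /* no stale pointer into rbuf survives */
    rl->num_recs++;
}

void model_app_release(rlayer_model *rl) { if (rl->curr_rec < rl->num_recs) rl->curr_rec++; }

/* Returns 1 if the buffer was freed, 0 if it is still in use. */
int model_free_buffers(rlayer_model *rl)
{
    if (rl->left != 0 || rl->packet != NULL || rl->curr_rec < rl->num_recs)
        return 0;
    free(rl->rbuf);
    rl->rbuf = NULL;
    rl->cap = 0;
    return 1;
}
```

A caller that treats a 0 return as "try again later" keeps the buffer alive until the partial record is finished and the application has released every decoded record.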
