[openssl/openssl] c88c3d: Only free the read buffers if we're not using them
Matt Caswell
noreply at github.com
Tue May 28 13:46:46 UTC 2024
Branch: refs/heads/openssl-3.2
Home: https://github.com/openssl/openssl
Commit: c88c3de51020c37e8706bf7a682a162593053aac
https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
Author: Matt Caswell <matt at openssl.org>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
M ssl/record/methods/tls_common.c
Log Message:
-----------
Only free the read buffers if we're not using them
If we're part way through processing a record, or the application has
not released all the records then we should not free our buffer because
they are still needed.
CVE-2024-4741
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
(cherry picked from commit 38690cab18de88198f46478565fab423cf534efa)
Commit: 10171e5b511b700c5ecd4fd3e1086b19c34b1ae3
https://github.com/openssl/openssl/commit/10171e5b511b700c5ecd4fd3e1086b19c34b1ae3
Author: Matt Caswell <matt at openssl.org>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
M ssl/record/methods/tls_common.c
Log Message:
-----------
Set rl->packet to NULL after we've finished using it
In order to ensure we do not have a UAF we reset the rl->packet pointer
to NULL after we free it.
Follow on from CVE-2024-4741
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
(cherry picked from commit bfb8128190632092b3a66465838b87b469455cec)
Commit: ec87bc54c8ccc13caa29bc7f74ae84d78ffa1f5e
https://github.com/openssl/openssl/commit/ec87bc54c8ccc13caa29bc7f74ae84d78ffa1f5e
Author: Matt Caswell <matt at openssl.org>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
M test/sslbuffertest.c
Log Message:
-----------
Extend the SSL_free_buffers testing
Test that attempting to free the buffers at points where they should not
be freed works as expected.
Follow on from CVE-2024-4741
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
(cherry picked from commit 566f3069169b9fab4fbb23da98c3c91730dd5209)
Commit: d0f5a122ba271c9c848e16970249f61b3fc11b2b
https://github.com/openssl/openssl/commit/d0f5a122ba271c9c848e16970249f61b3fc11b2b
Author: Matt Caswell <matt at openssl.org>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
M test/helpers/ssltestlib.c
M test/helpers/ssltestlib.h
M test/sslapitest.c
Log Message:
-----------
Move the ability to load the dasync engine into ssltestlib.c
The sslapitest has a helper function to load the dasync engine which is
useful for testing pipelining. We would like to have the same facility
from sslbuffertest, so we move the function to the common location
ssltestlib.c
Follow on from CVE-2024-4741
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
(cherry picked from commit 05752478df623a9ddf849f897b630c1e0728cb7c)
Commit: d03e6fdf54ea41fb35e0499134eb3a7f831eeeeb
https://github.com/openssl/openssl/commit/d03e6fdf54ea41fb35e0499134eb3a7f831eeeeb
Author: Matt Caswell <matt at openssl.org>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
M test/sslbuffertest.c
Log Message:
-----------
Further extend the SSL_free_buffers testing
We extend the testing to test what happens when pipelining is in use.
Follow on from CVE-2024-4741
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
(cherry picked from commit c1bd38a003fa19fd0d8ade85e1bbc20d8ae59dab)
Compare: https://github.com/openssl/openssl/compare/17765d9cefed...d03e6fdf54ea
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list