View | Details | Raw Unified | Return to bug 198681 | Differences between
and this patch

Collapse All | Expand All

(-)security/libressl/Makefile (+1 lines)
Lines 3-8 Link Here
3
3
4
PORTNAME=	libressl
4
PORTNAME=	libressl
5
PORTVERSION=	2.1.5
5
PORTVERSION=	2.1.5
6
PORTREVISION=	1
6
CATEGORIES=	security devel
7
CATEGORIES=	security devel
7
MASTER_SITES=	${MASTER_SITE_OPENBSD}
8
MASTER_SITES=	${MASTER_SITE_OPENBSD}
8
MASTER_SITE_SUBDIR=	LibreSSL
9
MASTER_SITE_SUBDIR=	LibreSSL
(-)security/libressl/files/patch-crypto_ec_ec__asn1.c (+46 lines)
Line 0 Link Here
1
# Backport of CVE-2015-0209 vuln mitigation
2
# Fix a failure to NULL a pointer freed on error.
3
#
4
# Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
5
# CVE-2015-0209
6
7
--- crypto/ec/ec_asn1.c.orig	2015-02-10 14:54:46 UTC
8
+++ crypto/ec/ec_asn1.c
9
@@ -1043,13 +1043,8 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi
10
 	EC_KEY *ret = NULL;
11
 	EC_PRIVATEKEY *priv_key = NULL;
12
 
13
-	if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
14
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
15
-		return NULL;
16
-	}
17
-	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
18
+	if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) {
19
 		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
20
-		EC_PRIVATEKEY_free(priv_key);
21
 		return NULL;
22
 	}
23
 	if (a == NULL || *a == NULL) {
24
@@ -1058,8 +1053,6 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi
25
 			    ERR_R_MALLOC_FAILURE);
26
 			goto err;
27
 		}
28
-		if (a)
29
-			*a = ret;
30
 	} else
31
 		ret = *a;
32
 
33
@@ -1109,10 +1102,12 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi
34
 			goto err;
35
 		}
36
 	}
37
+	if (a)
38
+		*a = ret;
39
 	ok = 1;
40
 err:
41
 	if (!ok) {
42
-		if (ret)
43
+		if (ret && (a == NULL || *a != ret))
44
 			EC_KEY_free(ret);
45
 		ret = NULL;
46
 	}
(-)security/libressl/files/patch-crypto_x509_x509__req.c (+17 lines)
Line 0 Link Here
1
# Backport of CVE-2015-0288 vuln mitigation
2
# Check public key is not NULL.
3
#
4
# CVE-2015-0288
5
# PR#3708
6
7
--- crypto/x509/x509_req.c.orig	2014-12-06 23:15:50 UTC
8
+++ crypto/x509/x509_req.c
9
@@ -95,6 +95,8 @@ X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey
10
 		goto err;
11
 
12
 	pktmp = X509_get_pubkey(x);
13
+	if (pktmp == NULL)
14
+		goto err;
15
 	i = X509_REQ_set_pubkey(ret, pktmp);
16
 	EVP_PKEY_free(pktmp);
17
 	if (!i)

Return to bug 198681