From fc2b8b39295ae7b252b4d347ec1ae0f8809bcf28 Mon Sep 17 00:00:00 2001 From: delphij Date: Thu, 19 Mar 2015 17:40:43 +0000 Subject: Fix multiple OpenSSL vulnerabilities. Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 --- secure/lib/libcrypto/man/d2i_X509.3 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'secure/lib') diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index 4dfb31a..ead4c2b 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -342,6 +342,12 @@ In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR wh persist if they are not present in the new one. As a result the use of this \*(L"reuse\*(R" behaviour is strongly discouraged. .PP +Current versions of OpenSSL will not modify \fB*px\fR if an error occurs. +If parsing succeeds then \fB*px\fR is freed (if it is not \s-1NULL\s0) and then +set to the value of the newly decoded structure. As a result \fB*px\fR +\&\fBmust not\fR be allocated on the stack or an attempt will be made to +free an invalid pointer. +.PP \&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the @@ -352,7 +358,9 @@ always succeed. .IX Header "RETURN VALUES" \&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fIERR_get_error\fR\|(3). If the \*(L"reuse\*(R" capability has been used +with a valid X509 structure being passed in via \fBpx\fR then the object is not +modified in the event of error. .PP \&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by -- cgit v1.1