Pedro Monreal Gonzalez
18ecb7a582
- Security fix: [bsc#1227138, CVE-2024-5535] * SSL_select_next_proto buffer overread * Add openssl-CVE-2024-5535.patch - Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free security vulnerability. Calling the function SSL_free_buffers() potentially caused memory to be accessed that was previously freed in some situations and a malicious attacker could attempt to engineer a situation where this occurs to facilitate a denial-of-service attack. [CVE-2024-4741, bsc#1225551] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=164
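--- a/openssl-1.1.1l/crypto/fips/fips.c
+++ b/openssl-1.1.1l/crypto/fips/fips.c
@@ -350,6 +350,10 @@ static int FIPSCHECK_verify(const char *
 if (strcmp(hex, hmac) != 0) {
 rv = -1;
 }
+ if (hmaclen != 0) {
+ OPENSSL_cleanse(buf, hmaclen);
+ OPENSSL_cleanse(hex, hmaclen * 2 + 1);
+ }
 free(buf);
 free(hex);
 } else {
@@ -357,7 +360,11 @@ static int FIPSCHECK_verify(const char *
 }
 
 end:
+ if (n != 0)
+ OPENSSL_cleanse(hmac, n);
 free(hmac);
+ if (strlen(hmacpath) != 0)
+ OPENSSL_cleanse(hmacpath, strlen(hmacpath));
 free(hmacpath);
 fclose(hf);
 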
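Review bot: At `end:` the added `if (n != 0) OPENSSL_cleanse(hmac, n);` is guarded on the size instead of the pointer, so it is only safe if `n` is initialised on every path that reaches the label and `hmac` is non-NULL whenever `n` is non-zero. FIPSCHECK_verify starts and ends outside the visible hunks, so neither declaration can be checked here; if `n` is only written by the call that allocates `hmac`, a failure of that call would make the integrity check read an indeterminate size and cleanse through a NULL pointer. I would key the guard on the pointer, `if (hmac != NULL) OPENSSL_cleanse(hmac, n);`, and make sure `n` is initialised to 0 where it is declared. In the first hunk, `OPENSSL_cleanse(hex, hmaclen * 2 + 1);` likewise assumes the hex buffer was allocated with exactly that size; `OPENSSL_cleanse(hex, strlen(hex) + 1);` would tie the length to the string that `strcmp` has just read.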