OpenBSD 5.4 errata 16, Oct 20, 2014

OpenBSD 5.4 errata 16, Oct 20, 2014

Two remotely triggerable memory leaks in OpenSSL can lead to a denial of
service in server applications.

Apply patch using:

cat 016_openssl.patch | (cd /usr/src && patch -p0

Then build and install libssl

cd /usr/src/lib/libssl/ssl
make obj
make
make install

Index: lib/libssl/src/ssl/d1_srtp.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_srtp.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 d1_srtp.c
--- lib/libssl/src/ssl/d1_srtp.c 13 Oct 2012 21:23:49 -0000 1.1.1.1
+++ lib/libssl/src/ssl/d1_srtp.c 17 Oct 2014 19:57:51 -0000
@@ -213,6 +213,7 @@ static int ssl_ctx_make_profiles(const c
else
{
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+ sk_SRTP_PROTECTION_PROFILE_free(profiles);
return 1;
}

Index: lib/libssl/src/ssl/t1_lib.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.12.8.2
diff -u -p -r1.12.8.2 t1_lib.c
--- lib/libssl/src/ssl/t1_lib.c 9 Aug 2014 16:54:58 -0000 1.12.8.2
+++ lib/libssl/src/ssl/t1_lib.c 17 Oct 2014 19:56:17 -0000
@@ -2188,8 +2188,10 @@ static int tls_decrypt_ticket(SSL *s, co
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
- if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen))
+ if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) {
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);