jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

Avoid memory leaks in TLS

Browse Source 
Resolves: rhbz#2144008
This commit is contained in:
Dmitry Belyavskiy 2022-11-16 12:23:27 +01:00 committed by Clemens Lang
parent 6c57fc8dcc
commit 474a112b98
2 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
0086-avoid-bio-memleak.patch Normal file
View File

@ -0,0 +1,48 @@
From 3d046c4d047a55123beeceffe9f8bae09159445e Mon Sep 17 00:00:00 2001
From: yangyangtiantianlonglong <yangtianlong1224@163.com>
Date: Wed, 19 Jan 2022 11:19:52 +0800
Subject: [PATCH] Fix the same BIO_FLAGS macro definition
Also add comment to the public header to avoid
making another conflict in future.
Fixes #17545
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17546)
(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef)
---
include/internal/bio.h | 2 +-
include/openssl/bio.h.in | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/internal/bio.h b/include/internal/bio.h
index 2d36a7b980f2..02f7222ab4f1 100644
--- a/include/internal/bio.h
+++ b/include/internal/bio.h
@@ -48,9 +48,9 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
* BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next.
* BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving.
*/
-# define BIO_FLAGS_KTLS_TX 0x800
# define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000
# define BIO_FLAGS_KTLS_RX 0x2000
+# define BIO_FLAGS_KTLS_TX 0x4000
/* KTLS related controls and flags */
# define BIO_set_ktls_flag(b, is_tx) \
diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in
index 2c65b7e1a79b..686dad3099b7 100644
--- a/include/openssl/bio.h.in
+++ b/include/openssl/bio.h.in
@@ -209,6 +209,8 @@ extern "C" {
# define BIO_FLAGS_NONCLEAR_RST 0x400
# define BIO_FLAGS_IN_EOF 0x800
+/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
+
typedef union bio_addr_st BIO_ADDR;
typedef struct bio_addrinfo_st BIO_ADDRINFO;

4
openssl.spec
View File

@ -166,6 +166,8 @@ Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
Patch79: 0079-CVE-2022-3602.patch Patch79: 0079-CVE-2022-3602.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=2142121 #https://bugzilla.redhat.com/show_bug.cgi?id=2142121
Patch85: 0085-FIPS-RSA-disable-shake.patch Patch85: 0085-FIPS-RSA-disable-shake.patch
#https://github.com/openssl/openssl/pull/17546
Patch86: 0086-avoid-bio-memleak.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -499,6 +501,8 @@ install -m644 %{SOURCE9} \
* Mon Nov 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-44 * Mon Nov 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-44
- SHAKE-128/256 are not allowed with RSA in FIPS mode - SHAKE-128/256 are not allowed with RSA in FIPS mode
Resolves: rhbz#2144010 Resolves: rhbz#2144010
- Avoid memory leaks in TLS
Resolves: rhbz#2144008
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
- CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3602: X.509 Email Address Buffer Overflow