security/libressl: Fix vulnerability
Obtained from: OpenBSD MFH: 2017Q2 Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf Security: CVE-2017-8301
This commit is contained in:
Bernard Spil
parent
93fb5b3a87
commit
293bf5a055
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=439764
2 changed files with 33 additions and 0 deletions
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
PORTNAME= libressl
|
||||
PORTVERSION= 2.5.3
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security devel
|
||||
MASTER_SITES= OPENBSD/LibreSSL
|
||||
PKGNAMESUFFIX= -devel
|
||||
|
|
|
|||
32
security/libressl-devel/files/patch-CVE-2017-8301
Normal file
32
security/libressl-devel/files/patch-CVE-2017-8301
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
https://marc.info/?l=openbsd-cvs&m=149342064612660
|
||||
|
||||
===================================================================
|
||||
RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
|
||||
retrieving revision 1.61
|
||||
retrieving revision 1.61.4.1
|
||||
diff -u -r1.61 -r1.61.4.1
|
||||
--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61
|
||||
+++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
|
||||
+/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -541,15 +541,7 @@
|
||||
/* Safety net, error returns must set ctx->error */
|
||||
if (ok <= 0 && ctx->error == X509_V_OK)
|
||||
ctx->error = X509_V_ERR_UNSPECIFIED;
|
||||
-
|
||||
- /*
|
||||
- * Safety net, if user provided verify callback indicates sucess
|
||||
- * make sure they have set error to X509_V_OK
|
||||
- */
|
||||
- if (ctx->verify_cb != null_callback && ok == 1)
|
||||
- ctx->error = X509_V_OK;
|
||||
-
|
||||
- return(ctx->error == X509_V_OK);
|
||||
+ return ok;
|
||||
}
|
||||
|
||||
/* Given a STACK_OF(X509) find the issuer of cert (if any)
|
||||
Loading…
Reference in a new issue