Re: OpenSSL buffer overflow

Thanks! I did the same grep, but wasn't sure whether or not that particular
function (SSL_get_shared_ciphers) got called by another function in OpenSSL
which was originally called by some of the big apps like sendmail, apache
and sshd.

When I last researched this when the first problem with that function
was announced, no other functions inside OpenSSL called it. That
still appears to be the case:

/usr/src/crypto/openssl> grep -R SSL_get_shared_ciphers .
./apps/s_client.c: p=SSL_get_shared_ciphers(s,buf,sizeof buf);
./apps/s_server.c: if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
./apps/s_server.c: p=SSL_get_shared_ciphers(con,buf,bufsize);
./doc/ssl/ssl.pod:=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
./ssl/ssl.h:char * SSL_get_shared_ciphers(SSL *s, char *buf, int len);
./ssl/ssl_lib.c:char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
./util/ssleay.num:SSL_get_shared_ciphers 65 EXIST::FUNCTION:

Also, sendmail does not use it.
freebsd-security@xxxxxxxxxxx mailing list