On Thu, Nov 02, 2017 at 11:25:18PM +0000, Andreas Thulin wrote:
> Hi again,
>
> found this on cvsweb.openbsd.org:
>
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/iked/ca.c?sortby=date
>
> "In the subjectAltName comparison, the bzero before the while-loop was
> lost while applying the diff. This means sanid could be passed
> uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release()
> could try to release a pointer which is essentially stack garbage.
> While there I realized that the bzero() in the loop is essentially
> fatal, since every mismatch leads to a silent leak of ibufs. Since
> ca_x509_subjectaltname_cmp() releases and initializes the passed
> iked_id, we can safely call it multiple times after initializing
> sanid once before the loop."
>
> Ignorant question: Does this mean a) that I should (try and probably fail
> to) patch myself, b) that the change may become a syspatch, or c) that the
> next release will include the patch? I'm running 6.2-stable.
This is a fixup for a change in -current, 6.2-stable is all fine. So unless
you were running -current, all good.

Patrick

> Thanks again for the tip!
>
> BR, Andreas
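The leak the quoted commit message describes, as an added C model that is not iked's code: ibuf, iked_id, ibuf_new, ibuf_release, san_cmp and match_san are simplified hypothetical stand-ins for the real types and for ca_x509_subjectaltname_cmp(), kept only to show why zeroing sanid inside the loop leaks one ibuf per mismatch while zeroing it once before the loop does not.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for iked's ibuf and iked_id, constructed for this
 * illustration only; they are not the real iked types or API. */
struct ibuf { const char *san; };
struct iked_id { struct ibuf *id_buf; };
static size_t live_ibufs; /* ibufs allocated and not yet released */

static struct ibuf *ibuf_new(const char *s)
{
	struct ibuf *b = malloc(sizeof *b);
	b->san = s;
	live_ibufs++;
	return b;
}

static void ibuf_release(struct ibuf *b)
{
	if (b == NULL)
		return;
	free(b);
	live_ibufs--;
}

/* Models what the commit message relies on: the comparison releases
 * whatever the passed id holds, then re-initializes it with the new SAN. */
static int san_cmp(struct iked_id *id, const char *san, const char *want)
{
	ibuf_release(id->id_buf);
	id->id_buf = ibuf_new(san);
	return strcmp(san, want);
}

/* Walks a SAN list like the loop in ca.c. bzero_in_loop selects the buggy
 * shape (sanid zeroed every iteration, dropping the previous ibuf pointer)
 * or the fixed one (zeroed once before the loop). Returns leaked ibufs. */
size_t match_san(const char **sans, size_t n, const char *want, int bzero_in_loop)
{
	struct iked_id sanid;
	live_ibufs = 0;
	memset(&sanid, 0, sizeof sanid);
	for (size_t i = 0; i < n; i++) {
		if (bzero_in_loop)
			memset(&sanid, 0, sizeof sanid); /* leaks the previous ibuf */
		if (san_cmp(&sanid, sans[i], want) == 0)
			break;
	}
	ibuf_release(sanid.id_buf);
	return live_ibufs;
}
```

With three candidate SANs and a match on the last one, the in-loop bzero leaves two ibufs unreleased; the once-before-the-loop version leaves none.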