Would be great if I can get answers to the below questions.

thanks
aparajita

From: Aparajita Sood (apsood)
Sent: Tuesday, September 21, 2010 11:54 AM
To: 'openssl-users@openssl.org'
Subject: REGD : openssl vulnerability CVE-2010-2939 : double in ssl3_get_key_exchange

Hi OpenSSL Folks,

I'm evaluating our product for this vulnerability.

http://www.mail-archive.com/openssl-...@openssl.org/msg28049.html

I have a few questions:

1. The vulnerability says

> "You are right : there is a double free bug in the function
> *ssl3_get_key_exchange* which leads to crash if an error occurs.
> The bug is in line 1510 of s3_clnt.c where we forget to set the
> variable bn_ctx to NULL after freeing it and this leads to the
> double free error when BN_CTX_free is called a second time on line
> 1650. "

In 0.9.7d and prior I see no reference to bn_ctx or BN_CTX_free.

QUESTION: Since I do not see references to bn_ctx or BN_CTX_free in 0.9.7d, can I assume that the vulnerability does not exist on that version?

2. The link says

> " OpenSSL versions 1.0.0a, 0.9.8, 0.9.7,
> and possibly other versions, are affected when Elliptic curve
> Diffie-Hellman (ECDH) is enabled"

QUESTION: Since I don't see BN_CTX_free being used in 0.9.7d and prior, do they mean that 7e, f, g have these definitions?

3. I checked in the opensslconf.h file for #define OPENSSL_NO_ECDH to check if ECDH is enabled or not.

QUESTION: Is this the correct way to find if ECDH is enabled or not?

Would be great if I can get a response to these.

thanks
aparajita
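
The pattern in the quoted description (a context freed mid-function, the pointer not reset to NULL, and a second free on the error path), shown as an added C illustration that is not part of the original message or of OpenSSL's source. `toy_ctx`, `toy_ctx_new`, `toy_ctx_free` and the `key_exchange_*` functions are hypothetical stand-ins, and the repeated free is counted rather than actually performed.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy context taken from a static slot, so a repeated free can be
 * counted safely instead of corrupting the real heap. */
typedef struct { int live; } toy_ctx;
static toy_ctx slot;
static int double_frees;

static toy_ctx *toy_ctx_new(void) { slot.live = 1; return &slot; }

/* Like BN_CTX_free, a NULL argument is a no-op. */
static void toy_ctx_free(toy_ctx *c) {
    if (c == NULL) return;
    if (!c->live) { double_frees++; return; } /* same object freed twice */
    c->live = 0;
}

/* Shape of the bug: early free, a later step fails, and the shared
 * error path frees the stale pointer again. */
int key_exchange_buggy(int later_step_fails) {
    toy_ctx *ctx = toy_ctx_new();
    double_frees = 0;
    toy_ctx_free(ctx);          /* pointer left dangling */
    if (later_step_fails) goto err;
    return double_frees;
err:
    toy_ctx_free(ctx);          /* second free of the same context */
    return double_frees;
}

/* Same flow with the pointer reset after the first free. */
int key_exchange_fixed(int later_step_fails) {
    toy_ctx *ctx = toy_ctx_new();
    double_frees = 0;
    toy_ctx_free(ctx);
    ctx = NULL;                 /* the assignment the quote says was forgotten */
    if (later_step_fails) goto err;
    return double_frees;
err:
    toy_ctx_free(ctx);          /* NULL: harmless no-op */
    return double_frees;
}

int main(void) {
    printf("buggy, error path: %d double free(s)\n", key_exchange_buggy(1));
    printf("fixed, error path: %d double free(s)\n", key_exchange_fixed(1));
    return 0;
}
```

The double free only shows up when the later step fails, which matches the quoted "leads to crash if an error occurs".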