10.3/releng-p25.diff

Index: UPDATING
===================================================================
--- UPDATING	(版本 325878)
+++ UPDATING	(版本 326359)
@@ -16,6 +16,10 @@
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20171129	p25	FreeBSD-SA-17:11.openssl
+
+	Fix OpenSSL out-of-bounds read vulnerability.
+
 20171115	p24	FreeBSD-SA-17:08.ptrace
 			FreeBSD-SA-17:09.shm
 			FreeBSD-SA-17:10.kldstat
Index: crypto/openssl/crypto/x509v3/v3_addr.c
===================================================================
--- crypto/openssl/crypto/x509v3/v3_addr.c	(版本 325878)
+++ crypto/openssl/crypto/x509v3/v3_addr.c	(版本 326359)
@@ -130,10 +130,12 @@
  */
 unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }
 
 /*
Index: sys/conf/newvers.sh
===================================================================
--- sys/conf/newvers.sh	(版本 325878)
+++ sys/conf/newvers.sh	(版本 326359)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.3"
-BRANCH="RELEASE-p24"
+BRANCH="RELEASE-p25"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi