What is affected by FreeBSD-SA-07:08.openssl ?

Colin Percival cperciva at freebsd.org
Thu Oct 4 08:09:42 PDT 2007


Alexandre Biancalana wrote:
> $ grep -lr SSL_get_shared_ciphers /usr/src 2> /dev/null
> /usr/src/crypto/openssl/apps/s_client.c
> /usr/src/crypto/openssl/apps/s_server.c
> /usr/src/crypto/openssl/doc/ssleay.txt
> /usr/src/crypto/openssl/doc/ssl/ssl.pod
> /usr/src/crypto/openssl/ssl/ssl.h
> /usr/src/crypto/openssl/ssl/ssl_lib.c
> /usr/src/crypto/openssl/util/ssleay.num
> /usr/src/secure/lib/libssl/man/ssl.3
> 
> Doesn't reveal much about what is affected by this bug.... Has someone made
> some deeper analysis about what is affected?

It doesn't look like anything in the base system uses this function, but I
just zgrepped my /usr/ports/distfiles and found that mysql uses this if it
is compiled with DBUG_OFF not defined.  Assuming that you keep all of your
ports distfiles, you can run
$ zgrep -R SSL_get_shared_ciphers /usr/ports/distfiles
and any applications which use said function will probably show up.

But as for a deep analysis -- not that I'm aware of.  We fixed this because
there might be an application which used this function in a way which made
this buffer overflow exploitable, not because we knew that such an application
existed.

Colin Percival
FreeBSD Security Officer
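
A follow-up to the zgrep check in the message above, as an added example that is not part of the original post: zgrep names the distfile that matches, while this sketch lists which source file inside a tarball calls the function and under which preprocessor conditions (such as the DBUG_OFF case mentioned for mysql). The helper names, the file-extension list and the sample tarball are assumptions constructed for illustration.

```python
import io
import re
import tarfile

SYMBOL = "SSL_get_shared_ciphers"
SOURCE_EXT = (".c", ".cc", ".cpp", ".h")
COND = re.compile(r"^\s*#\s*(ifdef|ifndef|if|else|elif|endif)\b(.*)")

def call_sites(text, symbol=SYMBOL):
    """Yield (line_no, enclosing #if conditions) for each call to symbol."""
    call = re.compile(r"\b%s\s*\(" % re.escape(symbol))
    stack = []
    for no, line in enumerate(text.splitlines(), 1):
        m = COND.match(line)
        if m is None:
            if call.search(line):
                yield no, tuple(stack)
        elif m.group(1) in ("if", "ifdef", "ifndef"):
            stack.append("#%s %s" % (m.group(1), m.group(2).strip()))
        elif stack and m.group(1) == "endif":
            stack.pop()
        elif stack and not stack[-1].endswith(" [else]"):
            stack[-1] += " [else]"  # call sits in the #else/#elif branch

def scan_archive(fileobj, symbol=SYMBOL):
    """Return {member: [(line_no, conditions), ...]} for one tarball."""
    hits = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.isfile() and member.name.endswith(SOURCE_EXT):
                text = tar.extractfile(member).read().decode("latin-1")
                found = list(call_sites(text, symbol))
                if found:
                    hits[member.name] = found
    return hits

def build_sample():
    """Constructed sample tarball (hypothetical project, not real code)."""
    src = (b"#include <openssl/ssl.h>\nvoid report(SSL *ssl) {\n"
           b"#ifndef DBUG_OFF\n  char buf[512];\n"
           b"  SSL_get_shared_ciphers(ssl, buf, sizeof(buf));\n#endif\n}\n")
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tar:
        for name, data in (("exampledb-1.0/tls_debug.c", src),
                           ("exampledb-1.0/README", b"SSL_get_shared_ciphers(3)\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(out.getvalue())
```

For a real distfile, pass an open binary file object, for example `scan_archive(open(path, "rb"))`; header declarations of the function are reported as well, so read each hit before treating it as a caller.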

