Djam/openssl
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssl.git synced 2025-02-23 16:22:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
openssl/openssl-CVE-2013-0169.5.patch

124 lines
3.6 KiB
Diff
Raw Permalink Normal View History

Security fix
2013-04-11 17:24:48 +04:00
From 610dfc3ef4c4019394534023115226f4ed0e7204 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@links.org>
Date: Mon, 28 Jan 2013 17:33:18 +0000
Subject: [PATCH] Don't crash when processing a zero-length, TLS >= 1.1
record.
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
---
ssl/d1_enc.c | 1 -
ssl/d1_pkt.c | 1 +
ssl/s3_enc.c | 11 +++++++++--
ssl/s3_pkt.c | 5 +++++
ssl/t1_enc.c | 11 +++++++++--
5 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index c13b495..da42348 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -245,7 +245,6 @@ int dtls1_enc(SSL *s, int send)
}
#endif /* KSSL_DEBUG */
- rec->orig_len = rec->length;
if ((bs != 1) && !send)
return tls1_cbc_remove_padding(s, rec, bs, mac_size);
}
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 46a1950..5ee7c0d 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -406,6 +406,7 @@ dtls1_process_record(SSL *s)
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
+ rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
if (enc_err <= 0)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index de5354a..a5829dc 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -465,6 +465,15 @@ void ssl3_cleanup_key_block(SSL *s)
s->s3->tmp.key_block_length=0;
}
+/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ * 0: (in non-constant time) if the record is publically invalid (i.e. too
+ * short etc).
+ * 1: if the record's padding is valid / the encryption was successful.
+ * -1: if the record's padding is invalid or, if sending, an internal error
+ * occured.
+ */
int ssl3_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
@@ -531,8 +540,6 @@ int ssl3_enc(SSL *s, int send)
EVP_Cipher(ds,rec->data,rec->input,l);
- rec->orig_len = rec->length;
-
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
if ((bs != 1) && !send)
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 2e0c173..5bd0cd4 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -398,8 +398,13 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
+ rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
+ /* enc_err is:
+ * 0: (in non-constant time) if the record is publically invalid.
+ * 1: if the padding is valid
+ * -1: if the padding is invalid */
if (enc_err == 0)
{
/* SSLerr() and ssl3_send_alert() have been called */
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0cb3c56..aaa4a5e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -635,6 +635,15 @@ err:
return(ret);
}
+/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ * 0: (in non-constant time) if the record is publically invalid (i.e. too
+ * short etc).
+ * 1: if the record's padding is valid / the encryption was successful.
+ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ * an internal error occured.
+ */
int tls1_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
@@ -746,8 +755,6 @@ int tls1_enc(SSL *s, int send)
}
#endif /* KSSL_DEBUG */
- rec->orig_len = rec->length;
-
ret = 1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
--
1.7.9.5
Reference in a new issue Copy permalink