openssl/sme8/openssl-fips-0.9.8e-cve-2009-4355.patch

Modify compression code so it frees up structures without using the
ex_data callbacks. This works around a problem where some applications
call CRYPTO_free_all_ex_data() before application exit (e.g. when
restarting) then use compression (e.g. SSL with compression) later.
This results in significant per-connection memory leaks and
has caused some security issues including CVE-2008-1678 and
CVE-2009-4355. [Steve Henson]
diff -up openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak openssl-fips-0.9.8e/crypto/comp/c_zlib.c
--- openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak   2007-02-14 22:50:26.000000000 +0100
+++ openssl-fips-0.9.8e/crypto/comp/c_zlib.c    2010-01-14 09:32:46.000000000 +0100
@@ -133,15 +133,6 @@ struct zlib_state
 
 static int zlib_stateful_ex_idx = -1;
 
-static void zlib_stateful_free_ex_data(void *obj, void *item,
-       CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-       {
-       struct zlib_state *state = (struct zlib_state *)item;
-       inflateEnd(&state->istream);
-       deflateEnd(&state->ostream);
-       OPENSSL_free(state);
-       }
-
 static int zlib_stateful_init(COMP_CTX *ctx)
        {
        int err;
@@ -185,6 +176,12 @@ static int zlib_stateful_init(COMP_CTX *
 
 static void zlib_stateful_finish(COMP_CTX *ctx)
        {
+       struct zlib_state *state =
+               (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+                       zlib_stateful_ex_idx);
+       inflateEnd(&state->istream);
+       deflateEnd(&state->ostream);
+       OPENSSL_free(state);
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
        }
 
@@ -396,7 +393,7 @@ COMP_METHOD *COMP_zlib(void)
                        if (zlib_stateful_ex_idx == -1)
                                zlib_stateful_ex_idx =
                                        CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-                                               0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+                                               0,NULL,NULL,NULL,NULL);
                        CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
                        if (zlib_stateful_ex_idx == -1)
                                goto err;
1	wellsi	1.1	Modify compression code so it frees up structures without using the
2			ex_data callbacks. This works around a problem where some applications
3			call CRYPTO_free_all_ex_data() before application exit (e.g. when
4			restarting) then use compression (e.g. SSL with compression) later.
5			This results in significant per-connection memory leaks and
6			has caused some security issues including CVE-2008-1678 and
7			CVE-2009-4355. [Steve Henson]
8			diff -up openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak openssl-fips-0.9.8e/crypto/comp/c_zlib.c
9			--- openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak 2007-02-14 22:50:26.000000000 +0100
10			+++ openssl-fips-0.9.8e/crypto/comp/c_zlib.c 2010-01-14 09:32:46.000000000 +0100
11			@@ -133,15 +133,6 @@ struct zlib_state
12
13			static int zlib_stateful_ex_idx = -1;
14
15			-static void zlib_stateful_free_ex_data(void obj, void item,
16			- CRYPTO_EX_DATA ad, int ind,long argl, void argp)
17			- {
18			- struct zlib_state state = (struct zlib_state )item;
19			- inflateEnd(&state->istream);
20			- deflateEnd(&state->ostream);
21			- OPENSSL_free(state);
22			- }
23			-
24			static int zlib_stateful_init(COMP_CTX *ctx)
25			{
26			int err;
27			@@ -185,6 +176,12 @@ static int zlib_stateful_init(COMP_CTX *
28
29			static void zlib_stateful_finish(COMP_CTX *ctx)
30			{
31			+ struct zlib_state *state =
32			+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
33			+ zlib_stateful_ex_idx);
34			+ inflateEnd(&state->istream);
35			+ deflateEnd(&state->ostream);
36			+ OPENSSL_free(state);
37			CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
38			}
39
40			@@ -396,7 +393,7 @@ COMP_METHOD *COMP_zlib(void)
41			if (zlib_stateful_ex_idx == -1)
42			zlib_stateful_ex_idx =
43			CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
44			- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
45			+ 0,NULL,NULL,NULL,NULL);
46			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
47			if (zlib_stateful_ex_idx == -1)
48			goto err;