1 |
wellsi |
1.1 |
Fixes CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 |
2 |
|
|
DoS vulnerabilities in the DTLS implementation. |
3 |
|
|
diff -up openssl-fips-0.9.8e/crypto/pqueue/pqueue.c.dtls-dos openssl-fips-0.9.8e/crypto/pqueue/pqueue.c |
4 |
|
|
--- openssl-fips-0.9.8e/crypto/pqueue/pqueue.c.dtls-dos 2005-06-28 14:53:33.000000000 +0200 |
5 |
|
|
+++ openssl-fips-0.9.8e/crypto/pqueue/pqueue.c 2009-05-21 14:41:48.000000000 +0200 |
6 |
|
|
@@ -234,3 +234,17 @@ pqueue_next(pitem **item) |
7 |
|
|
|
8 |
|
|
return ret; |
9 |
|
|
} |
10 |
|
|
+ |
11 |
|
|
+int |
12 |
|
|
+pqueue_size(pqueue_s *pq) |
13 |
|
|
+{ |
14 |
|
|
+ pitem *item = pq->items; |
15 |
|
|
+ int count = 0; |
16 |
|
|
+ |
17 |
|
|
+ while(item != NULL) |
18 |
|
|
+ { |
19 |
|
|
+ count++; |
20 |
|
|
+ item = item->next; |
21 |
|
|
+ } |
22 |
|
|
+ return count; |
23 |
|
|
+} |
24 |
|
|
diff -up openssl-fips-0.9.8e/crypto/pqueue/pqueue.h.dtls-dos openssl-fips-0.9.8e/crypto/pqueue/pqueue.h |
25 |
|
|
--- openssl-fips-0.9.8e/crypto/pqueue/pqueue.h.dtls-dos 2009-04-15 13:48:50.000000000 +0200 |
26 |
|
|
+++ openssl-fips-0.9.8e/crypto/pqueue/pqueue.h 2009-05-21 14:41:48.000000000 +0200 |
27 |
|
|
@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq); |
28 |
|
|
pitem *pqueue_next(piterator *iter); |
29 |
|
|
|
30 |
|
|
void pqueue_print(pqueue pq); |
31 |
|
|
+int pqueue_size(pqueue pq); |
32 |
|
|
|
33 |
|
|
#endif /* ! HEADER_PQUEUE_H */ |
34 |
|
|
diff -up openssl-fips-0.9.8e/ssl/d1_both.c.dtls-dos openssl-fips-0.9.8e/ssl/d1_both.c |
35 |
|
|
--- openssl-fips-0.9.8e/ssl/d1_both.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
36 |
|
|
+++ openssl-fips-0.9.8e/ssl/d1_both.c 2009-06-02 15:07:31.000000000 +0200 |
37 |
|
|
@@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, |
38 |
|
|
|
39 |
|
|
if ( s->d1->handshake_read_seq == frag->msg_header.seq) |
40 |
|
|
{ |
41 |
|
|
+ unsigned long frag_len = frag->msg_header.frag_len; |
42 |
|
|
pqueue_pop(s->d1->buffered_messages); |
43 |
|
|
|
44 |
|
|
al=dtls1_preprocess_fragment(s,&frag->msg_header,max); |
45 |
|
|
@@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, |
46 |
|
|
if (al==0) |
47 |
|
|
{ |
48 |
|
|
*ok = 1; |
49 |
|
|
- return frag->msg_header.frag_len; |
50 |
|
|
+ return frag_len; |
51 |
|
|
} |
52 |
|
|
|
53 |
|
|
ssl3_send_alert(s,SSL3_AL_FATAL,al); |
54 |
|
|
@@ -561,7 +562,16 @@ dtls1_process_out_of_seq_message(SSL *s, |
55 |
|
|
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) |
56 |
|
|
goto err; |
57 |
|
|
|
58 |
|
|
- if (msg_hdr->seq <= s->d1->handshake_read_seq) |
59 |
|
|
+ /* Try to find item in queue, to prevent duplicate entries */ |
60 |
|
|
+ pq_64bit_init(&seq64); |
61 |
|
|
+ pq_64bit_assign_word(&seq64, msg_hdr->seq); |
62 |
|
|
+ item = pqueue_find(s->d1->buffered_messages, seq64); |
63 |
|
|
+ pq_64bit_free(&seq64); |
64 |
|
|
+ |
65 |
|
|
+ /* Discard the message if sequence number was already there, is |
66 |
|
|
+ * too far in the future or the fragment is already in the queue */ |
67 |
|
|
+ if (msg_hdr->seq <= s->d1->handshake_read_seq || |
68 |
|
|
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) |
69 |
|
|
{ |
70 |
|
|
unsigned char devnull [256]; |
71 |
|
|
|
72 |
|
|
@@ -575,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s, |
73 |
|
|
} |
74 |
|
|
} |
75 |
|
|
|
76 |
|
|
- frag = dtls1_hm_fragment_new(frag_len); |
77 |
|
|
- if ( frag == NULL) |
78 |
|
|
- goto err; |
79 |
|
|
+ if (frag_len) |
80 |
|
|
+ { |
81 |
|
|
+ frag = dtls1_hm_fragment_new(frag_len); |
82 |
|
|
+ if ( frag == NULL) |
83 |
|
|
+ goto err; |
84 |
|
|
|
85 |
|
|
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
86 |
|
|
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
87 |
|
|
|
88 |
|
|
- if (frag_len) |
89 |
|
|
- { |
90 |
|
|
- /* read the body of the fragment (header has already been read */ |
91 |
|
|
+ /* read the body of the fragment (header has already been read) */ |
92 |
|
|
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, |
93 |
|
|
frag->fragment,frag_len,0); |
94 |
|
|
- if (i<=0 || i!=frag_len) |
95 |
|
|
+ if (i<=0 || (unsigned long)i!=frag_len) |
96 |
|
|
goto err; |
97 |
|
|
- } |
98 |
|
|
|
99 |
|
|
- pq_64bit_init(&seq64); |
100 |
|
|
- pq_64bit_assign_word(&seq64, msg_hdr->seq); |
101 |
|
|
+ pq_64bit_init(&seq64); |
102 |
|
|
+ pq_64bit_assign_word(&seq64, msg_hdr->seq); |
103 |
|
|
|
104 |
|
|
- item = pitem_new(seq64, frag); |
105 |
|
|
- pq_64bit_free(&seq64); |
106 |
|
|
- if ( item == NULL) |
107 |
|
|
- goto err; |
108 |
|
|
+ item = pitem_new(seq64, frag); |
109 |
|
|
+ pq_64bit_free(&seq64); |
110 |
|
|
+ if ( item == NULL) |
111 |
|
|
+ goto err; |
112 |
|
|
+ |
113 |
|
|
+ pqueue_insert(s->d1->buffered_messages, item); |
114 |
|
|
+ } |
115 |
|
|
|
116 |
|
|
- pqueue_insert(s->d1->buffered_messages, item); |
117 |
|
|
return DTLS1_HM_FRAGMENT_RETRY; |
118 |
|
|
|
119 |
|
|
err: |
120 |
|
|
diff -up openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-dos openssl-fips-0.9.8e/ssl/d1_pkt.c |
121 |
|
|
--- openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
122 |
|
|
+++ openssl-fips-0.9.8e/ssl/d1_pkt.c 2009-05-21 14:41:48.000000000 +0200 |
123 |
|
|
@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu |
124 |
|
|
DTLS1_RECORD_DATA *rdata; |
125 |
|
|
pitem *item; |
126 |
|
|
|
127 |
|
|
+ /* Limit the size of the queue to prevent DOS attacks */ |
128 |
|
|
+ if (pqueue_size(queue->q) >= 100) |
129 |
|
|
+ return 0; |
130 |
|
|
+ |
131 |
|
|
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); |
132 |
|
|
item = pitem_new(priority, rdata); |
133 |
|
|
if (rdata == NULL || item == NULL) |
134 |
|
|
diff -up openssl-fips-0.9.8e/ssl/s3_pkt.c.dtls-dos openssl-fips-0.9.8e/ssl/s3_pkt.c |
135 |
|
|
--- openssl-fips-0.9.8e/ssl/s3_pkt.c.dtls-dos 2006-11-29 15:45:14.000000000 +0100 |
136 |
|
|
+++ openssl-fips-0.9.8e/ssl/s3_pkt.c 2009-06-02 14:57:16.000000000 +0200 |
137 |
|
|
@@ -1225,6 +1225,13 @@ int ssl3_do_change_cipher_spec(SSL *s) |
138 |
|
|
|
139 |
|
|
if (s->s3->tmp.key_block == NULL) |
140 |
|
|
{ |
141 |
|
|
+ if (s->session == NULL) |
142 |
|
|
+ { |
143 |
|
|
+ /* might happen if dtls1_read_bytes() calls this */ |
144 |
|
|
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); |
145 |
|
|
+ return (0); |
146 |
|
|
+ } |
147 |
|
|
+ |
148 |
|
|
s->session->cipher=s->s3->tmp.new_cipher; |
149 |
|
|
if (!s->method->ssl3_enc->setup_key_block(s)) return(0); |
150 |
|
|
} |
151 |
|
|
diff -up openssl-fips-0.9.8e/ssl/ssl_err.c.dtls-dos openssl-fips-0.9.8e/ssl/ssl_err.c |
152 |
|
|
--- openssl-fips-0.9.8e/ssl/ssl_err.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
153 |
|
|
+++ openssl-fips-0.9.8e/ssl/ssl_err.c 2009-06-02 14:57:16.000000000 +0200 |
154 |
|
|
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]= |
155 |
|
|
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
156 |
|
|
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
157 |
|
|
{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, |
158 |
|
|
+{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, |
159 |
|
|
{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
160 |
|
|
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
161 |
|
|
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
162 |
|
|
diff -up openssl-fips-0.9.8e/ssl/ssl.h.dtls-dos openssl-fips-0.9.8e/ssl/ssl.h |
163 |
|
|
--- openssl-fips-0.9.8e/ssl/ssl.h.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
164 |
|
|
+++ openssl-fips-0.9.8e/ssl/ssl.h 2009-06-02 14:57:16.000000000 +0200 |
165 |
|
|
@@ -1620,6 +1620,7 @@ void ERR_load_SSL_strings(void); |
166 |
|
|
#define SSL_F_SSL3_CONNECT 132 |
167 |
|
|
#define SSL_F_SSL3_CTRL 213 |
168 |
|
|
#define SSL_F_SSL3_CTX_CTRL 133 |
169 |
|
|
+#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 |
170 |
|
|
#define SSL_F_SSL3_ENC 134 |
171 |
|
|
#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 |
172 |
|
|
#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 |