| 1 |
Fixes CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 |
| 2 |
DoS vulnerabilities in the DTLS implementation. |
| 3 |
diff -up openssl-fips-0.9.8e/crypto/pqueue/pqueue.c.dtls-dos openssl-fips-0.9.8e/crypto/pqueue/pqueue.c |
| 4 |
--- openssl-fips-0.9.8e/crypto/pqueue/pqueue.c.dtls-dos 2005-06-28 14:53:33.000000000 +0200 |
| 5 |
+++ openssl-fips-0.9.8e/crypto/pqueue/pqueue.c 2009-05-21 14:41:48.000000000 +0200 |
| 6 |
@@ -234,3 +234,17 @@ pqueue_next(pitem **item) |
| 7 |
|
| 8 |
return ret; |
| 9 |
} |
| 10 |
+ |
| 11 |
+int |
| 12 |
+pqueue_size(pqueue_s *pq) |
| 13 |
+{ |
| 14 |
+ pitem *item = pq->items; |
| 15 |
+ int count = 0; |
| 16 |
+ |
| 17 |
+ while(item != NULL) |
| 18 |
+ { |
| 19 |
+ count++; |
| 20 |
+ item = item->next; |
| 21 |
+ } |
| 22 |
+ return count; |
| 23 |
+} |
| 24 |
diff -up openssl-fips-0.9.8e/crypto/pqueue/pqueue.h.dtls-dos openssl-fips-0.9.8e/crypto/pqueue/pqueue.h |
| 25 |
--- openssl-fips-0.9.8e/crypto/pqueue/pqueue.h.dtls-dos 2009-04-15 13:48:50.000000000 +0200 |
| 26 |
+++ openssl-fips-0.9.8e/crypto/pqueue/pqueue.h 2009-05-21 14:41:48.000000000 +0200 |
| 27 |
@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq); |
| 28 |
pitem *pqueue_next(piterator *iter); |
| 29 |
|
| 30 |
void pqueue_print(pqueue pq); |
| 31 |
+int pqueue_size(pqueue pq); |
| 32 |
|
| 33 |
#endif /* ! HEADER_PQUEUE_H */ |
| 34 |
diff -up openssl-fips-0.9.8e/ssl/d1_both.c.dtls-dos openssl-fips-0.9.8e/ssl/d1_both.c |
| 35 |
--- openssl-fips-0.9.8e/ssl/d1_both.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
| 36 |
+++ openssl-fips-0.9.8e/ssl/d1_both.c 2009-06-02 15:07:31.000000000 +0200 |
| 37 |
@@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, |
| 38 |
|
| 39 |
if ( s->d1->handshake_read_seq == frag->msg_header.seq) |
| 40 |
{ |
| 41 |
+ unsigned long frag_len = frag->msg_header.frag_len; |
| 42 |
pqueue_pop(s->d1->buffered_messages); |
| 43 |
|
| 44 |
al=dtls1_preprocess_fragment(s,&frag->msg_header,max); |
| 45 |
@@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, |
| 46 |
if (al==0) |
| 47 |
{ |
| 48 |
*ok = 1; |
| 49 |
- return frag->msg_header.frag_len; |
| 50 |
+ return frag_len; |
| 51 |
} |
| 52 |
|
| 53 |
ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 54 |
@@ -561,7 +562,16 @@ dtls1_process_out_of_seq_message(SSL *s, |
| 55 |
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) |
| 56 |
goto err; |
| 57 |
|
| 58 |
- if (msg_hdr->seq <= s->d1->handshake_read_seq) |
| 59 |
+ /* Try to find item in queue, to prevent duplicate entries */ |
| 60 |
+ pq_64bit_init(&seq64); |
| 61 |
+ pq_64bit_assign_word(&seq64, msg_hdr->seq); |
| 62 |
+ item = pqueue_find(s->d1->buffered_messages, seq64); |
| 63 |
+ pq_64bit_free(&seq64); |
| 64 |
+ |
| 65 |
+ /* Discard the message if sequence number was already there, is |
| 66 |
+ * too far in the future or the fragment is already in the queue */ |
| 67 |
+ if (msg_hdr->seq <= s->d1->handshake_read_seq || |
| 68 |
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) |
| 69 |
{ |
| 70 |
unsigned char devnull [256]; |
| 71 |
|
| 72 |
@@ -575,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s, |
| 73 |
} |
| 74 |
} |
| 75 |
|
| 76 |
- frag = dtls1_hm_fragment_new(frag_len); |
| 77 |
- if ( frag == NULL) |
| 78 |
- goto err; |
| 79 |
+ if (frag_len) |
| 80 |
+ { |
| 81 |
+ frag = dtls1_hm_fragment_new(frag_len); |
| 82 |
+ if ( frag == NULL) |
| 83 |
+ goto err; |
| 84 |
|
| 85 |
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
| 86 |
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); |
| 87 |
|
| 88 |
- if (frag_len) |
| 89 |
- { |
| 90 |
- /* read the body of the fragment (header has already been read */ |
| 91 |
+ /* read the body of the fragment (header has already been read) */ |
| 92 |
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, |
| 93 |
frag->fragment,frag_len,0); |
| 94 |
- if (i<=0 || i!=frag_len) |
| 95 |
+ if (i<=0 || (unsigned long)i!=frag_len) |
| 96 |
goto err; |
| 97 |
- } |
| 98 |
|
| 99 |
- pq_64bit_init(&seq64); |
| 100 |
- pq_64bit_assign_word(&seq64, msg_hdr->seq); |
| 101 |
+ pq_64bit_init(&seq64); |
| 102 |
+ pq_64bit_assign_word(&seq64, msg_hdr->seq); |
| 103 |
|
| 104 |
- item = pitem_new(seq64, frag); |
| 105 |
- pq_64bit_free(&seq64); |
| 106 |
- if ( item == NULL) |
| 107 |
- goto err; |
| 108 |
+ item = pitem_new(seq64, frag); |
| 109 |
+ pq_64bit_free(&seq64); |
| 110 |
+ if ( item == NULL) |
| 111 |
+ goto err; |
| 112 |
+ |
| 113 |
+ pqueue_insert(s->d1->buffered_messages, item); |
| 114 |
+ } |
| 115 |
|
| 116 |
- pqueue_insert(s->d1->buffered_messages, item); |
| 117 |
return DTLS1_HM_FRAGMENT_RETRY; |
| 118 |
|
| 119 |
err: |
| 120 |
diff -up openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-dos openssl-fips-0.9.8e/ssl/d1_pkt.c |
| 121 |
--- openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
| 122 |
+++ openssl-fips-0.9.8e/ssl/d1_pkt.c 2009-05-21 14:41:48.000000000 +0200 |
| 123 |
@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu |
| 124 |
DTLS1_RECORD_DATA *rdata; |
| 125 |
pitem *item; |
| 126 |
|
| 127 |
+ /* Limit the size of the queue to prevent DOS attacks */ |
| 128 |
+ if (pqueue_size(queue->q) >= 100) |
| 129 |
+ return 0; |
| 130 |
+ |
| 131 |
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); |
| 132 |
item = pitem_new(priority, rdata); |
| 133 |
if (rdata == NULL || item == NULL) |
| 134 |
diff -up openssl-fips-0.9.8e/ssl/s3_pkt.c.dtls-dos openssl-fips-0.9.8e/ssl/s3_pkt.c |
| 135 |
--- openssl-fips-0.9.8e/ssl/s3_pkt.c.dtls-dos 2006-11-29 15:45:14.000000000 +0100 |
| 136 |
+++ openssl-fips-0.9.8e/ssl/s3_pkt.c 2009-06-02 14:57:16.000000000 +0200 |
| 137 |
@@ -1225,6 +1225,13 @@ int ssl3_do_change_cipher_spec(SSL *s) |
| 138 |
|
| 139 |
if (s->s3->tmp.key_block == NULL) |
| 140 |
{ |
| 141 |
+ if (s->session == NULL) |
| 142 |
+ { |
| 143 |
+ /* might happen if dtls1_read_bytes() calls this */ |
| 144 |
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); |
| 145 |
+ return (0); |
| 146 |
+ } |
| 147 |
+ |
| 148 |
s->session->cipher=s->s3->tmp.new_cipher; |
| 149 |
if (!s->method->ssl3_enc->setup_key_block(s)) return(0); |
| 150 |
} |
| 151 |
diff -up openssl-fips-0.9.8e/ssl/ssl_err.c.dtls-dos openssl-fips-0.9.8e/ssl/ssl_err.c |
| 152 |
--- openssl-fips-0.9.8e/ssl/ssl_err.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
| 153 |
+++ openssl-fips-0.9.8e/ssl/ssl_err.c 2009-06-02 14:57:16.000000000 +0200 |
| 154 |
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]= |
| 155 |
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
| 156 |
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
| 157 |
{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, |
| 158 |
+{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, |
| 159 |
{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
| 160 |
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
| 161 |
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 162 |
diff -up openssl-fips-0.9.8e/ssl/ssl.h.dtls-dos openssl-fips-0.9.8e/ssl/ssl.h |
| 163 |
--- openssl-fips-0.9.8e/ssl/ssl.h.dtls-dos 2009-04-15 13:48:51.000000000 +0200 |
| 164 |
+++ openssl-fips-0.9.8e/ssl/ssl.h 2009-06-02 14:57:16.000000000 +0200 |
| 165 |
@@ -1620,6 +1620,7 @@ void ERR_load_SSL_strings(void); |
| 166 |
#define SSL_F_SSL3_CONNECT 132 |
| 167 |
#define SSL_F_SSL3_CTRL 213 |
| 168 |
#define SSL_F_SSL3_CTX_CTRL 133 |
| 169 |
+#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 |
| 170 |
#define SSL_F_SSL3_ENC 134 |
| 171 |
#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 |
| 172 |
#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 |
Parent Directory
| 
Revision Log
| 
Revision Graph
