Blame SOURCES/openssl-1.0.1e-cve-2016-6304.patch

653b37
diff -up openssl-1.0.1e/ssl/t1_lib.c.ocsp-memgrowth openssl-1.0.1e/ssl/t1_lib.c
653b37
--- openssl-1.0.1e/ssl/t1_lib.c.ocsp-memgrowth	2016-09-20 18:09:26.000000000 +0200
653b37
+++ openssl-1.0.1e/ssl/t1_lib.c	2016-09-22 10:57:23.195580623 +0200
653b37
@@ -1239,6 +1239,27 @@ int ssl_parse_clienthello_tlsext(SSL *s,
653b37
 					*al = SSL_AD_DECODE_ERROR;
653b37
 					return 0;
653b37
 					}
653b37
+
653b37
+				/*
653b37
+				 * We remove any OCSP_RESPIDs from a previous handshake
653b37
+				 * to prevent unbounded memory growth - CVE-2016-6304
653b37
+				 */
653b37
+				sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
653b37
+							OCSP_RESPID_free);
653b37
+				if (dsize > 0)
653b37
+					{
653b37
+					s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
653b37
+					if (s->tlsext_ocsp_ids == NULL)
653b37
+						{
653b37
+						*al = SSL_AD_INTERNAL_ERROR;
653b37
+						return 0;
653b37
+						}
653b37
+					}
653b37
+				 else
653b37
+					{
653b37
+					s->tlsext_ocsp_ids = NULL;
653b37
+					}
653b37
+
653b37
 				while (dsize > 0)
653b37
 					{
653b37
 					OCSP_RESPID *id;
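Review bot: The comment above `sk_OCSP_RESPID_pop_free` says why the old list is dropped, but not the invariant the loop below now depends on. With the lazy allocation removed in the second hunk, `sk_OCSP_RESPID_push` is only safe because `if (dsize > 0)` and `while (dsize > 0)` test the same condition. I would add a line such as `/* tlsext_ocsp_ids is freshly allocated whenever the loop below runs; it is NULL when the client sent no responder IDs */`. It is also worth noting there that the free call runs on a first handshake too, when the pointer is presumably still NULL, so the code relies on `pop_free` accepting NULL. As a minor style point, the ` else` line has a stray space after the tabs and does not line up with its `if`. The enclosing `ssl_parse_clienthello_tlsext` starts and ends outside this hunk.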
653b37
@@ -1271,14 +1292,6 @@ int ssl_parse_clienthello_tlsext(SSL *s,
653b37
 						*al = SSL_AD_DECODE_ERROR;
653b37
 						return 0;
653b37
 						}
653b37
-					if (!s->tlsext_ocsp_ids
653b37
-						&& !(s->tlsext_ocsp_ids =
653b37
-						sk_OCSP_RESPID_new_null()))
653b37
-						{
653b37
-						OCSP_RESPID_free(id);
653b37
-						*al = SSL_AD_INTERNAL_ERROR;
653b37
-						return 0;
653b37
-						}
653b37
 					if (!sk_OCSP_RESPID_push(
653b37
 							s->tlsext_ocsp_ids, id))
653b37
 						{