|
 |
c4366c |
Fixes CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387
|
|
 |
c4366c |
DoS vulnerabilities in the DTLS implementation.
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/crypto/pqueue/pqueue.c.dtls-dos openssl-fips-0.9.8e/crypto/pqueue/pqueue.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/crypto/pqueue/pqueue.c.dtls-dos 2005-06-28 14:53:33.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/crypto/pqueue/pqueue.c 2009-05-21 14:41:48.000000000 +0200
|
|
 |
c4366c |
@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
|
|
 |
c4366c |
|
|
 |
c4366c |
return ret;
|
|
 |
c4366c |
}
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+int
|
|
 |
c4366c |
+pqueue_size(pqueue_s *pq)
|
|
 |
c4366c |
+{
|
|
 |
c4366c |
+ pitem *item = pq->items;
|
|
 |
c4366c |
+ int count = 0;
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+ while(item != NULL)
|
|
 |
c4366c |
+ {
|
|
 |
c4366c |
+ count++;
|
|
 |
c4366c |
+ item = item->next;
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
+ return count;
|
|
 |
c4366c |
+}
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/crypto/pqueue/pqueue.h.dtls-dos openssl-fips-0.9.8e/crypto/pqueue/pqueue.h
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/crypto/pqueue/pqueue.h.dtls-dos 2009-04-15 13:48:50.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/crypto/pqueue/pqueue.h 2009-05-21 14:41:48.000000000 +0200
|
|
 |
c4366c |
@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
|
|
 |
c4366c |
pitem *pqueue_next(piterator *iter);
|
|
 |
c4366c |
|
|
 |
c4366c |
void pqueue_print(pqueue pq);
|
|
 |
c4366c |
+int pqueue_size(pqueue pq);
|
|
 |
c4366c |
|
|
 |
c4366c |
#endif /* ! HEADER_PQUEUE_H */
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/ssl/d1_both.c.dtls-dos openssl-fips-0.9.8e/ssl/d1_both.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/ssl/d1_both.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/ssl/d1_both.c 2009-06-02 15:07:31.000000000 +0200
|
|
 |
c4366c |
@@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
|
|
 |
c4366c |
|
|
 |
c4366c |
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
|
|
 |
c4366c |
{
|
|
 |
c4366c |
+ unsigned long frag_len = frag->msg_header.frag_len;
|
|
 |
c4366c |
pqueue_pop(s->d1->buffered_messages);
|
|
 |
c4366c |
|
|
 |
c4366c |
al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
|
|
 |
c4366c |
@@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
|
|
 |
c4366c |
if (al==0)
|
|
 |
c4366c |
{
|
|
 |
c4366c |
*ok = 1;
|
|
 |
c4366c |
- return frag->msg_header.frag_len;
|
|
 |
c4366c |
+ return frag_len;
|
|
 |
c4366c |
}
|
|
 |
c4366c |
|
|
 |
c4366c |
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
|
 |
c4366c |
@@ -561,7 +562,16 @@ dtls1_process_out_of_seq_message(SSL *s,
|
|
 |
c4366c |
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
|
|
 |
c4366c |
goto err;
|
|
 |
c4366c |
|
|
 |
c4366c |
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
|
|
 |
c4366c |
+ /* Try to find item in queue, to prevent duplicate entries */
|
|
 |
c4366c |
+ pq_64bit_init(&seq64);
|
|
 |
c4366c |
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
|
|
 |
c4366c |
+ item = pqueue_find(s->d1->buffered_messages, seq64);
|
|
 |
c4366c |
+ pq_64bit_free(&seq64);
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+ /* Discard the message if sequence number was already there, is
|
|
 |
c4366c |
+ * too far in the future or the fragment is already in the queue */
|
|
 |
c4366c |
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
|
|
 |
c4366c |
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
|
|
 |
c4366c |
{
|
|
 |
c4366c |
unsigned char devnull [256];
|
|
 |
c4366c |
|
|
 |
c4366c |
@@ -575,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s,
|
|
 |
c4366c |
}
|
|
 |
c4366c |
}
|
|
 |
c4366c |
|
|
 |
c4366c |
- frag = dtls1_hm_fragment_new(frag_len);
|
|
 |
c4366c |
- if ( frag == NULL)
|
|
 |
c4366c |
- goto err;
|
|
 |
c4366c |
+ if (frag_len)
|
|
 |
c4366c |
+ {
|
|
 |
c4366c |
+ frag = dtls1_hm_fragment_new(frag_len);
|
|
 |
c4366c |
+ if ( frag == NULL)
|
|
 |
c4366c |
+ goto err;
|
|
 |
c4366c |
|
|
 |
c4366c |
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
|
|
 |
c4366c |
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
|
|
 |
c4366c |
|
|
 |
c4366c |
- if (frag_len)
|
|
 |
c4366c |
- {
|
|
 |
c4366c |
- /* read the body of the fragment (header has already been read */
|
|
 |
c4366c |
+ /* read the body of the fragment (header has already been read) */
|
|
 |
c4366c |
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
|
|
 |
c4366c |
frag->fragment,frag_len,0);
|
|
 |
c4366c |
- if (i<=0 || i!=frag_len)
|
|
 |
c4366c |
+ if (i<=0 || (unsigned long)i!=frag_len)
|
|
 |
c4366c |
goto err;
|
|
 |
c4366c |
- }
|
|
 |
c4366c |
|
|
 |
c4366c |
- pq_64bit_init(&seq64);
|
|
 |
c4366c |
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
|
|
 |
c4366c |
+ pq_64bit_init(&seq64);
|
|
 |
c4366c |
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
|
|
 |
c4366c |
|
|
 |
c4366c |
- item = pitem_new(seq64, frag);
|
|
 |
c4366c |
- pq_64bit_free(&seq64);
|
|
 |
c4366c |
- if ( item == NULL)
|
|
 |
c4366c |
- goto err;
|
|
 |
c4366c |
+ item = pitem_new(seq64, frag);
|
|
 |
c4366c |
+ pq_64bit_free(&seq64);
|
|
 |
c4366c |
+ if ( item == NULL)
|
|
 |
c4366c |
+ goto err;
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+ pqueue_insert(s->d1->buffered_messages, item);
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
|
|
 |
c4366c |
- pqueue_insert(s->d1->buffered_messages, item);
|
|
 |
c4366c |
return DTLS1_HM_FRAGMENT_RETRY;
|
|
 |
c4366c |
|
|
 |
c4366c |
err:
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-dos openssl-fips-0.9.8e/ssl/d1_pkt.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/ssl/d1_pkt.c 2009-05-21 14:41:48.000000000 +0200
|
|
 |
c4366c |
@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
|
|
 |
c4366c |
DTLS1_RECORD_DATA *rdata;
|
|
 |
c4366c |
pitem *item;
|
|
 |
c4366c |
|
|
 |
c4366c |
+ /* Limit the size of the queue to prevent DOS attacks */
|
|
 |
c4366c |
+ if (pqueue_size(queue->q) >= 100)
|
|
 |
c4366c |
+ return 0;
|
|
 |
c4366c |
+
|
|
 |
c4366c |
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
|
|
 |
c4366c |
item = pitem_new(priority, rdata);
|
|
 |
c4366c |
if (rdata == NULL || item == NULL)
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/ssl/s3_pkt.c.dtls-dos openssl-fips-0.9.8e/ssl/s3_pkt.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/ssl/s3_pkt.c.dtls-dos 2006-11-29 15:45:14.000000000 +0100
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/ssl/s3_pkt.c 2009-06-02 14:57:16.000000000 +0200
|
|
 |
c4366c |
@@ -1225,6 +1225,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
|
|
 |
c4366c |
|
|
 |
c4366c |
if (s->s3->tmp.key_block == NULL)
|
|
 |
c4366c |
{
|
|
 |
c4366c |
+ if (s->session == NULL)
|
|
 |
c4366c |
+ {
|
|
 |
c4366c |
+ /* might happen if dtls1_read_bytes() calls this */
|
|
 |
c4366c |
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
|
|
 |
c4366c |
+ return (0);
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
+
|
|
 |
c4366c |
s->session->cipher=s->s3->tmp.new_cipher;
|
|
 |
c4366c |
if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
|
|
 |
c4366c |
}
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/ssl/ssl_err.c.dtls-dos openssl-fips-0.9.8e/ssl/ssl_err.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/ssl/ssl_err.c.dtls-dos 2009-04-15 13:48:51.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/ssl/ssl_err.c 2009-06-02 14:57:16.000000000 +0200
|
|
 |
c4366c |
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|
 |
c4366c |
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
|
|
 |
c4366c |
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
|
|
 |
c4366c |
{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
|
|
 |
c4366c |
+{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
|
|
 |
c4366c |
{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
|
|
 |
c4366c |
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
|
|
 |
c4366c |
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/ssl/ssl.h.dtls-dos openssl-fips-0.9.8e/ssl/ssl.h
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/ssl/ssl.h.dtls-dos 2009-04-15 13:48:51.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/ssl/ssl.h 2009-06-02 14:57:16.000000000 +0200
|
|
 |
c4366c |
@@ -1620,6 +1620,7 @@ void ERR_load_SSL_strings(void);
|
|
 |
c4366c |
#define SSL_F_SSL3_CONNECT 132
|
|
 |
c4366c |
#define SSL_F_SSL3_CTRL 213
|
|
 |
c4366c |
#define SSL_F_SSL3_CTX_CTRL 133
|
|
 |
c4366c |
+#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
|
|
 |
c4366c |
#define SSL_F_SSL3_ENC 134
|
|
 |
c4366c |
#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
|
|
 |
c4366c |
#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
|