← Back to branch summary

~ubuntu-branches/ubuntu/trusty/openssl/trusty

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2014-0160.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-04-07 15:37:53 UTC
  • Revision ID: package-import@ubuntu.com-20140407153753-or3s6s6cmebt6fy2
Tags: 1.0.1f-1ubuntu2
* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
  - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
    crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
    util/libeay.num.
  - CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
  - debian/patches/CVE-2014-0160.patch: use correct lengths in
    ssl/d1_both.c, ssl/t1_lib.c.
  - CVE-2014-0160

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2014-0160.patch
 
1
Description: fix memory disclosure in TLS heartbeat extension
 
2
Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
 
3
 
 
4
Index: openssl-1.0.1f/ssl/d1_both.c
 
5
===================================================================
 
6
--- openssl-1.0.1f.orig/ssl/d1_both.c   2014-01-06 08:47:42.000000000 -0500
 
7
+++ openssl-1.0.1f/ssl/d1_both.c        2014-04-07 15:37:38.548342862 -0400
 
8
@@ -1459,26 +1459,36 @@
 
9
        unsigned int payload;
 
10
        unsigned int padding = 16; /* Use minimum padding */
 
11
 
 
12
-       /* Read type and payload length first */
 
13
-       hbtype = *p++;
 
14
-       n2s(p, payload);
 
15
-       pl = p;
 
16
-
 
17
        if (s->msg_callback)
 
18
                s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 
19
                        &s->s3->rrec.data[0], s->s3->rrec.length,
 
20
                        s, s->msg_callback_arg);
 
21
 
 
22
+       /* Read type and payload length first */
 
23
+       if (1 + 2 + 16 > s->s3->rrec.length)
 
24
+               return 0; /* silently discard */
 
25
+       hbtype = *p++;
 
26
+       n2s(p, payload);
 
27
+       if (1 + 2 + payload + 16 > s->s3->rrec.length)
 
28
+               return 0; /* silently discard per RFC 6520 sec. 4 */
 
29
+       pl = p;
 
30
+
 
31
        if (hbtype == TLS1_HB_REQUEST)
 
32
                {
 
33
                unsigned char *buffer, *bp;
 
34
+               unsigned int write_length = 1 /* heartbeat type */ +
 
35
+                                           2 /* heartbeat length */ +
 
36
+                                           payload + padding;
 
37
                int r;
 
38
 
 
39
+               if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
 
40
+                       return 0;
 
41
+
 
42
                /* Allocate memory for the response, size is 1 byte
 
43
                 * message type, plus 2 bytes payload length, plus
 
44
                 * payload, plus padding
 
45
                 */
 
46
-               buffer = OPENSSL_malloc(1 + 2 + payload + padding);
 
47
+               buffer = OPENSSL_malloc(write_length);
 
48
                bp = buffer;
 
49
 
 
50
                /* Enter response type, length and copy payload */
 
51
@@ -1489,11 +1499,11 @@
 
52
                /* Random padding */
 
53
                RAND_pseudo_bytes(bp, padding);
 
54
 
 
55
-               r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
 
56
+               r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
 
57
 
 
58
                if (r >= 0 && s->msg_callback)
 
59
                        s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
 
60
-                               buffer, 3 + payload + padding,
 
61
+                               buffer, write_length,
 
62
                                s, s->msg_callback_arg);
 
63
 
 
64
                OPENSSL_free(buffer);
 
65
Index: openssl-1.0.1f/ssl/t1_lib.c
 
66
===================================================================
 
67
--- openssl-1.0.1f.orig/ssl/t1_lib.c    2014-01-06 08:47:42.000000000 -0500
 
68
+++ openssl-1.0.1f/ssl/t1_lib.c 2014-04-07 15:37:38.548342862 -0400
 
69
@@ -2558,16 +2558,20 @@
 
70
        unsigned int payload;
 
71
        unsigned int padding = 16; /* Use minimum padding */
 
72
 
 
73
-       /* Read type and payload length first */
 
74
-       hbtype = *p++;
 
75
-       n2s(p, payload);
 
76
-       pl = p;
 
77
-
 
78
        if (s->msg_callback)
 
79
                s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 
80
                        &s->s3->rrec.data[0], s->s3->rrec.length,
 
81
                        s, s->msg_callback_arg);
 
82
 
 
83
+       /* Read type and payload length first */
 
84
+       if (1 + 2 + 16 > s->s3->rrec.length)
 
85
+               return 0; /* silently discard */
 
86
+       hbtype = *p++;
 
87
+       n2s(p, payload);
 
88
+       if (1 + 2 + payload + 16 > s->s3->rrec.length)
 
89
+               return 0; /* silently discard per RFC 6520 sec. 4 */
 
90
+       pl = p;
 
91
+
 
92
        if (hbtype == TLS1_HB_REQUEST)
 
93
                {
 
94
                unsigned char *buffer, *bp;