← Back to branch summary

~ubuntu-branches/ubuntu/utopic/openssl/utopic

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2014-3567.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-10-16 10:56:10 UTC
  • Revision ID: package-import@ubuntu.com-20141016105610-lwozw2ngdc2k5tim
Tags: 1.0.1f-1ubuntu9
* SECURITY UPDATE: denial of service via DTLS SRTP memory leak
  - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
    ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
    util/ssleay.num.
  - CVE-2014-3513
* SECURITY UPDATE: denial of service via session ticket integrity check
  memory leak
  - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
  - CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
  - debian/patches/CVE-2014-3568.patch: fix conditional code in
    ssl/s23_clnt.c, ssl/s23_srvr.c.
  - CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
  protocol downgrade attack to SSLv3 that exposes the POODLE attack.
  - debian/patches/tls_fallback_scsv_support.patch: added support for
    TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
    ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
    ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
    ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h, 
    doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2014-3567.patch
 
1
From 7fd4ce6a997be5f5c9e744ac527725c2850de203 Mon Sep 17 00:00:00 2001
 
2
From: "Dr. Stephen Henson" <steve@openssl.org>
 
3
Date: Wed, 15 Oct 2014 01:53:55 +0100
 
4
Subject: [PATCH] Fix for session tickets memory leak.
 
5
 
 
6
CVE-2014-3567
 
7
 
 
8
Reviewed-by: Rich Salz <rsalz@openssl.org>
 
9
Reviewed-by: Matt Caswell <matt@openssl.org>
 
10
(cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320)
 
11
---
 
12
 ssl/t1_lib.c |    3 +++
 
13
 1 file changed, 3 insertions(+)
 
14
 
 
15
Index: openssl-1.0.1f/ssl/t1_lib.c
 
16
===================================================================
 
17
--- openssl-1.0.1f.orig/ssl/t1_lib.c    2014-10-15 12:55:29.709323681 -0400
 
18
+++ openssl-1.0.1f/ssl/t1_lib.c 2014-10-15 12:55:29.705323647 -0400
 
19
@@ -2319,7 +2319,10 @@
 
20
        HMAC_Final(&hctx, tick_hmac, NULL);
 
21
        HMAC_CTX_cleanup(&hctx);
 
22
        if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
 
23
+               {
 
24
+               EVP_CIPHER_CTX_cleanup(&ctx);
 
25
                return 2;
 
26
+               }
 
27
        /* Attempt to decrypt session data */
 
28
        /* Move p after IV to start of encrypted ticket, update length */
 
29
        p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);