diff options
author | Xin LI <delphij@FreeBSD.org> | 2016-11-02 07:24:14 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2016-11-02 07:24:14 +0000 |
commit | 116b0b292106f3b9df76333f70bcaceeae975c2e (patch) | |
tree | 1e1c195d64d8aa050dd79ebc4b419548e162fa9a | |
parent | 5b8145031bc378f69708568b1ca9b231f7fe6fba (diff) | |
download | src-116b0b292106f3b9df76333f70bcaceeae975c2e.tar.gz src-116b0b292106f3b9df76333f70bcaceeae975c2e.zip |
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:35.openssl
Approved by: so
Notes
Notes:
svn path=/releng/10.2/; revision=308204
-rw-r--r-- | UPDATING | 4 | ||||
-rw-r--r-- | crypto/openssl/ssl/d1_pkt.c | 15 | ||||
-rw-r--r-- | crypto/openssl/ssl/s3_pkt.c | 15 | ||||
-rw-r--r-- | crypto/openssl/ssl/ssl.h | 1 | ||||
-rw-r--r-- | crypto/openssl/ssl/ssl3.h | 2 | ||||
-rw-r--r-- | crypto/openssl/ssl/ssl_locl.h | 2 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 |
7 files changed, 40 insertions, 1 deletions
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20161102 p25 FreeBSD-SA-16:35.openssl + + Fix OpenSSL remote DoS vulnerability. [SA-16:35] + 20161025 p24 FreeBSD-SA-16:15.sysarch [revised] Fix incorrect argument validation in sysarch(2). [SA-16:15] diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c index 008b545bcb6b..e9f6beb3f61f 100644 --- a/crypto/openssl/ssl/d1_pkt.c +++ b/crypto/openssl/ssl/d1_pkt.c @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto start; } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + + s->s3->alert_count++; + if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP /* diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 25cf929a55d6..cbc348a78409 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) return (ret); } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + + s->s3->alert_count++; + if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index 5af431b8458e..576e5de24cc3 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -2713,6 +2713,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_HEARTBEAT_PENDING 366 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h index 2dd54626588a..f5d4d0b5a19d 100644 --- a/crypto/openssl/ssl/ssl3.h +++ b/crypto/openssl/ssl/ssl3.h @@ -585,6 +585,8 @@ typedef struct ssl3_state_st { char is_probably_safari; # endif /* !OPENSSL_NO_EC */ # endif /* !OPENSSL_NO_TLSEXT */ + /* Count of the number of consecutive warning alerts received */ + unsigned int alert_count; } SSL3_STATE; # endif diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h index 4dc3dfb849cb..f4a3d1b67f85 100644 --- a/crypto/openssl/ssl/ssl_locl.h +++ b/crypto/openssl/ssl/ssl_locl.h @@ -389,6 +389,8 @@ */ # define SSL_MAX_DIGEST 6 +# define MAX_WARN_ALERT_COUNT 5 + # define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) # define TLS1_PRF_DGST_SHIFT 10 diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 697f5c4677d2..ddee6e96a736 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.2" -BRANCH="RELEASE-p24" +BRANCH="RELEASE-p25" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi |