forked from rpms/openssl
- fix CVE-2009-4355 - leak in applications incorrectly calling
CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling
This commit is contained in:
parent
7f0747ce73
commit
79249339a7
49
openssl-1.0.0-beta4-cve-2009-4355.patch
Normal file
49
openssl-1.0.0-beta4-cve-2009-4355.patch
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
Modify compression code so it frees up structures without using the
|
||||||
|
ex_data callbacks. This works around a problem where some applications
|
||||||
|
call CRYPTO_free_all_ex_data() before application exit (e.g. when
|
||||||
|
restarting) then use compression (e.g. SSL with compression) later.
|
||||||
|
This results in significant per-connection memory leaks and
|
||||||
|
has caused some security issues including CVE-2008-1678 and
|
||||||
|
CVE-2009-4355.
|
||||||
|
[Steve Henson]
|
||||||
|
diff -up openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak openssl-1.0.0-beta4/crypto/comp/c_zlib.c
|
||||||
|
--- openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak 2008-12-13 18:19:40.000000000 +0100
|
||||||
|
+++ openssl-1.0.0-beta4/crypto/comp/c_zlib.c 2010-01-13 22:06:20.000000000 +0100
|
||||||
|
@@ -136,15 +136,6 @@ struct zlib_state
|
||||||
|
|
||||||
|
static int zlib_stateful_ex_idx = -1;
|
||||||
|
|
||||||
|
-static void zlib_stateful_free_ex_data(void *obj, void *item,
|
||||||
|
- CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
|
||||||
|
- {
|
||||||
|
- struct zlib_state *state = (struct zlib_state *)item;
|
||||||
|
- inflateEnd(&state->istream);
|
||||||
|
- deflateEnd(&state->ostream);
|
||||||
|
- OPENSSL_free(state);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
static int zlib_stateful_init(COMP_CTX *ctx)
|
||||||
|
{
|
||||||
|
int err;
|
||||||
|
@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *
|
||||||
|
|
||||||
|
static void zlib_stateful_finish(COMP_CTX *ctx)
|
||||||
|
{
|
||||||
|
+ struct zlib_state *state =
|
||||||
|
+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
|
||||||
|
+ zlib_stateful_ex_idx);
|
||||||
|
+ inflateEnd(&state->istream);
|
||||||
|
+ deflateEnd(&state->ostream);
|
||||||
|
+ OPENSSL_free(state);
|
||||||
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
|
||||||
|
if (zlib_stateful_ex_idx == -1)
|
||||||
|
zlib_stateful_ex_idx =
|
||||||
|
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
|
||||||
|
- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
|
||||||
|
+ 0,NULL,NULL,NULL,NULL);
|
||||||
|
CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
|
||||||
|
if (zlib_stateful_ex_idx == -1)
|
||||||
|
goto err;
|
27
openssl-1.0.0-beta4-tlsver.patch
Normal file
27
openssl-1.0.0-beta4-tlsver.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
Fix handling of future TLS versions.
|
||||||
|
diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver openssl-1.0.0-beta4/ssl/s23_srvr.c
|
||||||
|
--- openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver 2010-01-12 22:20:15.000000000 +0100
|
||||||
|
+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2010-01-13 22:02:47.000000000 +0100
|
||||||
|
@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
|
||||||
|
(p[1] == SSL3_VERSION_MAJOR) &&
|
||||||
|
(p[5] == SSL3_MT_CLIENT_HELLO) &&
|
||||||
|
((p[3] == 0 && p[4] < 5 /* silly record length? */)
|
||||||
|
- || (p[9] == p[1])))
|
||||||
|
+ || (p[9] >= p[1])))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* SSLv3 or tls1 header
|
||||||
|
@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
|
||||||
|
v[1] = TLS1_VERSION_MINOR;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
+ /* if major version number > 3 set minor to a value
|
||||||
|
+ * which will use the highest version 3 we support.
|
||||||
|
+ * If TLS 2.0 ever appears we will need to revise
|
||||||
|
+ * this....
|
||||||
|
+ */
|
||||||
|
+ else if (p[9] > SSL3_VERSION_MAJOR)
|
||||||
|
+ v[1]=0xff;
|
||||||
|
else
|
||||||
|
v[1]=p[10]; /* minor version according to client_version */
|
||||||
|
if (v[1] >= TLS1_VERSION_MINOR)
|
11
openssl.spec
11
openssl.spec
@ -23,7 +23,7 @@
|
|||||||
Summary: A general purpose cryptography library with TLS implementation
|
Summary: A general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.0
|
Version: 1.0.0
|
||||||
Release: 0.18.%{beta}%{?dist}
|
Release: 0.19.%{beta}%{?dist}
|
||||||
# We remove certain patented algorithms from the openssl source tarball
|
# We remove certain patented algorithms from the openssl source tarball
|
||||||
# with the hobble-openssl script which is included below.
|
# with the hobble-openssl script which is included below.
|
||||||
Source: openssl-%{version}-%{beta}-usa.tar.bz2
|
Source: openssl-%{version}-%{beta}-usa.tar.bz2
|
||||||
@ -73,6 +73,8 @@ Patch66: openssl-1.0.0-beta4-backports2.patch
|
|||||||
Patch67: openssl-1.0.0-beta4-reneg-scsv.patch
|
Patch67: openssl-1.0.0-beta4-reneg-scsv.patch
|
||||||
Patch68: openssl-1.0.0-beta4-tls-comp.patch
|
Patch68: openssl-1.0.0-beta4-tls-comp.patch
|
||||||
Patch69: openssl-1.0.0-beta4-aesni.patch
|
Patch69: openssl-1.0.0-beta4-aesni.patch
|
||||||
|
Patch70: openssl-1.0.0-beta4-tlsver.patch
|
||||||
|
Patch71: openssl-1.0.0-beta4-cve-2009-4355.patch
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -162,6 +164,8 @@ from other formats to the formats used by the OpenSSL toolkit.
|
|||||||
%patch67 -p1 -b .scsv
|
%patch67 -p1 -b .scsv
|
||||||
%patch68 -p1 -b .tls-comp
|
%patch68 -p1 -b .tls-comp
|
||||||
%patch69 -p1 -b .aesni
|
%patch69 -p1 -b .aesni
|
||||||
|
%patch70 -p1 -b .tlsver
|
||||||
|
%patch71 -p1 -b .compleak
|
||||||
|
|
||||||
# Modify the various perl scripts to reference perl in the right location.
|
# Modify the various perl scripts to reference perl in the right location.
|
||||||
perl util/perlpath.pl `dirname %{__perl}`
|
perl util/perlpath.pl `dirname %{__perl}`
|
||||||
@ -410,6 +414,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.19.beta4
|
||||||
|
- fix CVE-2009-4355 - leak in applications incorrectly calling
|
||||||
|
CRYPTO_free_all_ex_data() before application exit (#546707)
|
||||||
|
- upstream fix for future TLS protocol version handling
|
||||||
|
|
||||||
* Wed Jan 13 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.18.beta4
|
* Wed Jan 13 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.18.beta4
|
||||||
- add support for Intel AES-NI
|
- add support for Intel AES-NI
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user