fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process

This commit is contained in:
Michal Hlavinka 2015-04-28 15:43:34 +02:00
parent 907076b191
commit 51f4fff5f1
2 changed files with 70 additions and 1 deletions

View File

@ -0,0 +1,62 @@
# HG changeset patch
# User Timo Sirainen <tss@iki.fi>
# Date 1430213224 -7200
# Node ID 86f5353757500a8c53aa708282bbdd77ac270011
# Parent a2d342257b25e10e7c6c1aaade9e49d22d849c05
*-login: Don't try to flush SSL output if SSL handshake fails.
This fixes a crash on failed handshakes on some OpenSSL builds.
diff -r a2d342257b25 -r 86f535375750 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Sat Apr 25 12:16:07 2015 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Tue Apr 28 11:27:04 2015 +0200
@@ -80,6 +80,7 @@
unsigned int cert_broken:1;
unsigned int client_proxy:1;
unsigned int flushing:1;
+ unsigned int failed:1;
};
struct ssl_parameters {
@@ -131,6 +132,12 @@
static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
#endif
+static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
+{
+ proxy->failed = TRUE;
+ ssl_proxy_destroy(proxy);
+}
+
static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
{
unsigned int i, g, h = 0;
@@ -462,7 +469,7 @@
if (errstr != NULL) {
proxy->last_error = i_strdup(errstr);
- ssl_proxy_destroy(proxy);
+ ssl_proxy_destroy_failed(proxy);
}
ssl_proxy_unref(proxy);
}
@@ -492,7 +499,7 @@
if (proxy->handshake_callback != NULL) {
if (proxy->handshake_callback(proxy->handshake_context) < 0)
- ssl_proxy_destroy(proxy);
+ ssl_proxy_destroy_failed(proxy);
}
}
@@ -822,7 +829,8 @@
if (proxy->destroyed || proxy->flushing)
return;
proxy->flushing = TRUE;
- ssl_proxy_flush(proxy);
+ if (!proxy->failed && proxy->handshaked)
+ ssl_proxy_flush(proxy);
proxy->destroyed = TRUE;
ssl_proxy_count--;

View File

@ -5,7 +5,7 @@ Name: dovecot
Epoch: 1 Epoch: 1
Version: 2.2.16 Version: 2.2.16
%global prever %{nil} %global prever %{nil}
Release: 1%{?dist} Release: 2%{?dist}
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
License: MIT and LGPLv2 License: MIT and LGPLv2
Group: System Environment/Daemons Group: System Environment/Daemons
@ -37,6 +37,9 @@ Patch5: dovecot-2.1-privatetmp.patch
Patch6: dovecot-2.1.10-waitonline.patch Patch6: dovecot-2.1.10-waitonline.patch
Patch7: dovecot-2.2.13-online.patch Patch7: dovecot-2.2.13-online.patch
# for dovecot <= 2.2.16, rhbz#1216057
Patch8: dovecot-2.1.6-86f535375750.patch
Source15: prestartscript Source15: prestartscript
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -133,6 +136,7 @@ This package provides the development files for dovecot.
%patch5 -p1 -b .privatetmp %patch5 -p1 -b .privatetmp
%patch6 -p1 -b .waitonline %patch6 -p1 -b .waitonline
%patch7 -p1 -b .online %patch7 -p1 -b .online
%patch8 -p1 -b .86f535375750
#pushd dovecot-2*2-pigeonhole-%{pigeonholever} #pushd dovecot-2*2-pigeonhole-%{pigeonholever}
#popd #popd
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
@ -492,6 +496,9 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so %{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog %changelog
* Tue Apr 28 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.16-2
- fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
* Mon Mar 16 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.16-1 * Mon Mar 16 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.16-1
- dovecot updated to 2.2.16 - dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without - auth: Don't crash if master user login is attempted without