openssl/openssl-1.0.0-beta4-cve-2009-4355.patch

Modify compression code so it frees up structures without using the
ex_data callbacks. This works around a problem where some applications
call CRYPTO_free_all_ex_data() before application exit (e.g. when
restarting) then use compression (e.g. SSL with compression) later.
This results in significant per-connection memory leaks and
has caused some security issues including CVE-2008-1678 and
CVE-2009-4355.
[Steve Henson]
diff -up openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak openssl-1.0.0-beta4/crypto/comp/c_zlib.c
--- openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak	2008-12-13 18:19:40.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/comp/c_zlib.c	2010-01-13 22:06:20.000000000 +0100
@@ -136,15 +136,6 @@ struct zlib_state
 
 static int zlib_stateful_ex_idx = -1;
 
-static void zlib_stateful_free_ex_data(void *obj, void *item,
-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-	{
-	struct zlib_state *state = (struct zlib_state *)item;
-	inflateEnd(&state->istream);
-	deflateEnd(&state->ostream);
-	OPENSSL_free(state);
-	}
-
 static int zlib_stateful_init(COMP_CTX *ctx)
 	{
 	int err;
@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *
 
 static void zlib_stateful_finish(COMP_CTX *ctx)
 	{
+	struct zlib_state *state =
+		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+			zlib_stateful_ex_idx);
+	inflateEnd(&state->istream);
+	deflateEnd(&state->ostream);
+	OPENSSL_free(state);
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
 	}
 
@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
 			if (zlib_stateful_ex_idx == -1)
 				zlib_stateful_ex_idx =
 					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+						0,NULL,NULL,NULL,NULL);
 			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
 			if (zlib_stateful_ex_idx == -1)
 				goto err;
- fix CVE-2009-4355 - leak in applications incorrectly calling CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling 2010-01-14 08:57:34 +00:00			`Modify compression code so it frees up structures without using the`
			`ex_data callbacks. This works around a problem where some applications`
			`call CRYPTO_free_all_ex_data() before application exit (e.g. when`
			`restarting) then use compression (e.g. SSL with compression) later.`
			`This results in significant per-connection memory leaks and`
			`has caused some security issues including CVE-2008-1678 and`
			`CVE-2009-4355.`
			`[Steve Henson]`
			`diff -up openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak openssl-1.0.0-beta4/crypto/comp/c_zlib.c`
			`--- openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak 2008-12-13 18:19:40.000000000 +0100`
			`+++ openssl-1.0.0-beta4/crypto/comp/c_zlib.c 2010-01-13 22:06:20.000000000 +0100`
			`@@ -136,15 +136,6 @@ struct zlib_state`

			`static int zlib_stateful_ex_idx = -1;`

			`-static void zlib_stateful_free_ex_data(void obj, void item,`
			`- CRYPTO_EX_DATA ad, int ind,long argl, void argp)`
			`- {`
			`- struct zlib_state state = (struct zlib_state )item;`
			`- inflateEnd(&state->istream);`
			`- deflateEnd(&state->ostream);`
			`- OPENSSL_free(state);`
			`- }`
			`-`
			`static int zlib_stateful_init(COMP_CTX *ctx)`
			`{`
			`int err;`
			`@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *`

			`static void zlib_stateful_finish(COMP_CTX *ctx)`
			`{`
			`+ struct zlib_state *state =`
			`+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,`
			`+ zlib_stateful_ex_idx);`
			`+ inflateEnd(&state->istream);`
			`+ deflateEnd(&state->ostream);`
			`+ OPENSSL_free(state);`
			`CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);`
			`}`

			`@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)`
			`if (zlib_stateful_ex_idx == -1)`
			`zlib_stateful_ex_idx =`
			`CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,`
			`- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);`
			`+ 0,NULL,NULL,NULL,NULL);`
			`CRYPTO_w_unlock(CRYPTO_LOCK_COMP);`
			`if (zlib_stateful_ex_idx == -1)`
			`goto err;`