The branch OpenSSL_1_0_0-stable has been updated via f93aad4a56a1580a109785c2c922fe6b8baf7df9 (commit) via ce052c8437fb97cbc57f034fa94b5bcd749dbf52 (commit) via a402b2b7bcff8d6901aa771e49c45cf38836e7bf (commit) via d275dbe6eb7b720b8920f712eea79044f845a4bb (commit) via cf432b3b1bd7caa22943b41b94ec2472ae497dc6 (commit) from 015b17257855e31003eb29a70280764c3c822710 (commit)
- Log ----------------------------------------------------------------- commit f93aad4a56a1580a109785c2c922fe6b8baf7df9 Author: Matt Caswell <m...@openssl.org> Date: Thu Dec 3 14:57:35 2015 +0000 Prepare for 1.0.0u-dev Reviewed-by: Richard Levitte <levi...@openssl.org> commit ce052c8437fb97cbc57f034fa94b5bcd749dbf52 Author: Matt Caswell <m...@openssl.org> Date: Thu Dec 3 14:56:22 2015 +0000 Prepare for 1.0.0t release Reviewed-by: Richard Levitte <levi...@openssl.org> commit a402b2b7bcff8d6901aa771e49c45cf38836e7bf Author: Matt Caswell <m...@openssl.org> Date: Tue Dec 1 14:39:47 2015 +0000 Update CHANGES and NEWS Update the CHANGES and NEWS files for the new release. Reviewed-by: Rich Salz <rs...@openssl.org> commit d275dbe6eb7b720b8920f712eea79044f845a4bb Author: Dr. Stephen Henson <st...@openssl.org> Date: Mon Feb 23 12:57:50 2015 +0000 Free up passed ASN.1 structure if reused. Change the "reuse" behaviour in ASN1_item_d2i: if successful the old structure is freed and a pointer to the new one used. If it is not successful then the passed structure is untouched. Exception made for primitive types so ssl_asn1.c still works. Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Emilia Käsper <emi...@openssl.org> Conflicts: doc/crypto/d2i_X509.pod commit cf432b3b1bd7caa22943b41b94ec2472ae497dc6 Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Nov 10 19:03:07 2015 +0000 Fix leak with ASN.1 combine. When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte <levi...@openssl.org> ----------------------------------------------------------------------- Summary of changes: CHANGES | 25 ++++++++++++++++++++++++- NEWS | 7 ++++++- README | 2 +- crypto/asn1/tasn_dec.c | 21 +++++++++++++++------ crypto/opensslv.h | 6 +++--- doc/crypto/d2i_X509.pod | 10 +++++++++- openssl.spec | 2 +- 7 files changed, 59 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index ccf2c03..9cea9e6 100644 --- a/CHANGES +++ b/CHANGES @@ -2,10 +2,33 @@ OpenSSL CHANGES _______________ - Changes between 1.0.0s and 1.0.0t [xx XXX xxxx] + Changes between 1.0.0t and 1.0.0u [xx XXX xxxx] *) + Changes between 1.0.0s and 1.0.0t [3 Dec 2015] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.0r and 1.0.0s [11 Jun 2015] *) Malformed ECParameters causes infinite loop diff --git a/NEWS b/NEWS index 99ba960..d688d4b 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [under development] + Major changes between OpenSSL 1.0.0t and OpenSSL 1.0.0u [under development] o + Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] + + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Race condition handling PSK identify hint (CVE-2015-3196) + Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] o Malformed ECParameters causes infinite loop (CVE-2015-1788) diff --git a/README b/README index 1a70b7f..f2f62b0 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.0t-dev + OpenSSL 1.0.0u-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 7fd336a..f56eb4c 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -140,11 +140,17 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if (!pval) - pval = &ptmpval; asn1_tlc_clear_nc(&c); - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) - return *pval; + if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) + ptmpval = *pval; + if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { + if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { + if (*pval) + ASN1_item_free(*pval, it); + *pval = ptmpval; + } + return ptmpval; + } return NULL; } @@ -180,6 +186,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -500,7 +508,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -689,7 +698,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 5f79fb0..3f7c741 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -26,11 +26,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10000140L +# define OPENSSL_VERSION_NUMBER 0x10000150L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0u-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0u-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 298ec54..6fed4b1 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts of the reused structure may persist if they are not present in the new one. As a result the use of this "reuse" behaviour is strongly discouraged. +Current versions of OpenSSL will not modify B<*px> if an error occurs. +If parsing succeeds then B<*px> is freed (if it is not NULL) and then +set to the value of the newly decoded structure. As a result B<*px> +B<must not> be allocated on the stack or an attempt will be made to +free an invalid pointer. + i2d_X509() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the @@ -210,7 +216,9 @@ always succeed. d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure or B<NULL> if an error occurs. The error code that can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used +with a valid X509 structure being passed in via B<px> then the object is not +modified in the event of error. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by diff --git a/openssl.spec b/openssl.spec index e282aca..a45c687 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.0t +Version: 1.0.0u Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits