Hi,
I had some questions about the latest security advisory. I understand that
this applies to multi-threaded application while using ssl sessions.
If the application is written thread safe using CRYPTO_set_locking_callback
functions will the vulnerability still apply ?
If the ssl code calls the locking callback function before accessing the
internal session cache then the vulnerability should not
apply to above mentioned applications.
Please advice.
Any help on this is really appreciated.
Regards,
Nivedita
On Tue, Nov 16, 2010 at 7:15 AM, OpenSSL <open...@master.openssl.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> OpenSSL Security Advisory [16 November 2010]
>
> TLS extension parsing race condition.
> =====================================
>
> A flaw has been found in the OpenSSL TLS server extension code parsing
> which
> on affected servers can be exploited in a buffer overrun attack.
>
> The OpenSSL security team would like to thank Rob Hulswit for reporting
> this
> issue.
>
> The fix was developed by Dr Stephen Henson of the OpenSSL core team.
>
> This vulnerability is tracked as CVE-2010-3864
>
> Who is affected?
> =================
>
> All versions of OpenSSL supporting TLS extensions contain this
> vulnerability
> including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.
>
> Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses
> OpenSSL's internal caching mechanism. Servers that are multi-process and/or
> disable internal session caching are NOT affected.
>
> In particular the Apache HTTP server (which never uses OpenSSL internal
> caching) and Stunnel (which includes its own workaround) are NOT affected.
>
> Recommendations for users of OpenSSL
> =====================================
>
> Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should
> update
> to the OpenSSL 0.9.8p release which contains a patch to correct this issue.
>
> Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b
> release
> which contains a patch to correct this issue.
>
> If upgrading is not immediately possible, the relevant source code patch
> provided in this advisory should be applied.
>
> Patch for OpenSSL 0.9.8 releases
> ================================
>
> Index: ssl/t1_lib.c
> ===================================================================
> RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
> retrieving revision 1.13.2.27
> diff -u -r1.13.2.27 t1_lib.c
> - --- ssl/t1_lib.c 12 Jun 2010 13:18:58 -0000 1.13.2.27
> +++ ssl/t1_lib.c 15 Nov 2010 15:20:14 -0000
> @@ -432,14 +432,23 @@
> switch (servname_type)
> {
> case TLSEXT_NAMETYPE_host_name:
> - - if (s->session->tlsext_hostname ==
> NULL)
> + if (!s->hit)
> {
> - - if (len >
> TLSEXT_MAXLEN_host_name ||
> - -
> ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
> +
> if(s->session->tlsext_hostname)
> + {
> + *al =
> SSL_AD_DECODE_ERROR;
> + return 0;
> + }
> + if (len >
> TLSEXT_MAXLEN_host_name)
> {
> *al =
> TLS1_AD_UNRECOGNIZED_NAME;
> return 0;
> }
> + if
> ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
> + {
> + *al =
> TLS1_AD_INTERNAL_ERROR;
> + return 0;
> + }
>
> memcpy(s->session->tlsext_hostname, sdata, len);
>
> s->session->tlsext_hostname[len]='\0';
> if
> (strlen(s->session->tlsext_hostname) != len) {
> @@ -452,7 +461,8 @@
>
> }
> else
> - - s->servername_done =
> strlen(s->session->tlsext_hostname) == len
> + s->servername_done =
> s->session->tlsext_hostname
> + &&
> strlen(s->session->tlsext_hostname) == len
> &&
> strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
>
> break;
>
> Patch for OpenSSL 1.0.0 releases
> ================================
>
> Index: ssl/t1_lib.c
> ===================================================================
> RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
> retrieving revision 1.64.2.14
> diff -u -r1.64.2.14 t1_lib.c
> - --- ssl/t1_lib.c 15 Jun 2010 17:25:15 -0000 1.64.2.14
> +++ ssl/t1_lib.c 15 Nov 2010 15:26:19 -0000
> @@ -714,14 +714,23 @@
> switch (servname_type)
> {
> case TLSEXT_NAMETYPE_host_name:
> - - if (s->session->tlsext_hostname ==
> NULL)
> + if (!s->hit)
> {
> - - if (len >
> TLSEXT_MAXLEN_host_name ||
> - -
> ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
> +
> if(s->session->tlsext_hostname)
> + {
> + *al =
> SSL_AD_DECODE_ERROR;
> + return 0;
> + }
> + if (len >
> TLSEXT_MAXLEN_host_name)
> {
> *al =
> TLS1_AD_UNRECOGNIZED_NAME;
> return 0;
> }
> + if
> ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
> + {
> + *al =
> TLS1_AD_INTERNAL_ERROR;
> + return 0;
> + }
>
> memcpy(s->session->tlsext_hostname, sdata, len);
>
> s->session->tlsext_hostname[len]='\0';
> if
> (strlen(s->session->tlsext_hostname) != len) {
> @@ -734,7 +743,8 @@
>
> }
> else
> - - s->servername_done =
> strlen(s->session->tlsext_hostname) == len
> + s->servername_done =
> s->session->tlsext_hostname
> + &&
> strlen(s->session->tlsext_hostname) == len
> &&
> strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
>
> break;
> @@ -765,15 +775,22 @@
> *al = TLS1_AD_DECODE_ERROR;
> return 0;
> }
> - - s->session->tlsext_ecpointformatlist_length = 0;
> - - if (s->session->tlsext_ecpointformatlist != NULL)
> OPENSSL_free(s->session->tlsext_ecpointformatlist);
> - - if ((s->session->tlsext_ecpointformatlist =
> OPENSSL_malloc(ecpointformatlist_length)) == NULL)
> + if (!s->hit)
> {
> - - *al = TLS1_AD_INTERNAL_ERROR;
> - - return 0;
> + if(s->session->tlsext_ecpointformatlist)
> + {
> + *al = TLS1_AD_DECODE_ERROR;
> + return 0;
> + }
> + s->session->tlsext_ecpointformatlist_length
> = 0;
> + if ((s->session->tlsext_ecpointformatlist =
> OPENSSL_malloc(ecpointformatlist_length)) == NULL)
> + {
> + *al = TLS1_AD_INTERNAL_ERROR;
> + return 0;
> + }
> + s->session->tlsext_ecpointformatlist_length
> = ecpointformatlist_length;
> +
> memcpy(s->session->tlsext_ecpointformatlist, sdata,
> ecpointformatlist_length);
> }
> - - s->session->tlsext_ecpointformatlist_length =
> ecpointformatlist_length;
> - - memcpy(s->session->tlsext_ecpointformatlist, sdata,
> ecpointformatlist_length);
> #if 0
> fprintf(stderr,"ssl_parse_clienthello_tlsext
> s->session->tlsext_ecpointformatlist (length=%i) ",
> s->session->tlsext_ecpointformatlist_length);
> sdata = s->session->tlsext_ecpointformatlist;
> @@ -794,15 +811,22 @@
> *al = TLS1_AD_DECODE_ERROR;
> return 0;
> }
> - - s->session->tlsext_ellipticcurvelist_length = 0;
> - - if (s->session->tlsext_ellipticcurvelist != NULL)
> OPENSSL_free(s->session->tlsext_ellipticcurvelist);
> - - if ((s->session->tlsext_ellipticcurvelist =
> OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
> + if (!s->hit)
> {
> - - *al = TLS1_AD_INTERNAL_ERROR;
> - - return 0;
> + if(s->session->tlsext_ellipticcurvelist)
> + {
> + *al = TLS1_AD_DECODE_ERROR;
> + return 0;
> + }
> + s->session->tlsext_ellipticcurvelist_length
> = 0;
> + if ((s->session->tlsext_ellipticcurvelist =
> OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
> + {
> + *al = TLS1_AD_INTERNAL_ERROR;
> + return 0;
> + }
> + s->session->tlsext_ellipticcurvelist_length
> = ellipticcurvelist_length;
> +
> memcpy(s->session->tlsext_ellipticcurvelist, sdata,
> ellipticcurvelist_length);
> }
> - - s->session->tlsext_ellipticcurvelist_length =
> ellipticcurvelist_length;
> - - memcpy(s->session->tlsext_ellipticcurvelist, sdata,
> ellipticcurvelist_length);
> #if 0
> fprintf(stderr,"ssl_parse_clienthello_tlsext
> s->session->tlsext_ellipticcurvelist (length=%i) ",
> s->session->tlsext_ellipticcurvelist_length);
> sdata = s->session->tlsext_ellipticcurvelist;
>
>
> References
> ===========
>
> URL for this Security Advisory:
> http://www.openssl.org/news/secadv_20101116.txt
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEVAwUBTOKStqLSm3vylcdZAQLB6gf+P8bp6sBcGN7NLsgO2HpcvkbrTOWLpa70
> 00rpXLjgS4gcCod/JjTtVJ0g6g5VNKpiQeTY6YQ4RFMrpt32b7DvtXjob99kcHHZ
> haPug84pZpGh382FblatFxm1ujVlH2O2VRzFVrbd7YNHv07yKKoBxz1AE0OccUjH
> gF0gjg0H5ICHLCbXn9pUJuxdDogLKUV+M5YsmcjEJpiu27Jazvb3iMDuIkCA3aXJ
> 2W64c0SEH6RlLMtkuDb6celF7J4iocAXPfj0HZCkVWS2/Fq36lDkYaOWPBinsNt7
> MlRCIdwtEKxwFKSF4tL4r4i0hfgovI/YvxhQ5hzi/pv45GJqedCb7g==
> =e2kX
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
