Hello community,

here is the log from the commit of package libopenssl0_9_8 for openSUSE:Factory
checked in at Wed Sep 21 17:10:46 CEST 2011.



--------
--- libopenssl0_9_8/libopenssl0_9_8.changes     2010-12-09 06:00:19.000000000 
+0100
+++ /mounts/work_src_done/STABLE/libopenssl0_9_8/libopenssl0_9_8.changes        
2011-09-20 11:19:59.000000000 +0200
@@ -1,0 +2,6 @@
+Tue Sep 20 09:18:23 UTC 2011 - g...@suse.com
+
+- fix bug[bnc#716144] - VUL-0: openssl ECDH crash.
+  CVE-2011-3210
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  CVE-2011-3210.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libopenssl0_9_8.spec ++++++
--- /var/tmp/diff_new_pack.w701fz/_old  2011-09-21 17:10:41.000000000 +0200
+++ /var/tmp/diff_new_pack.w701fz/_new  2011-09-21 17:10:41.000000000 +0200
@@ -35,6 +35,7 @@
 Patch0:         merge_from_0_9_8k.patch
 Patch1:         openssl-CVE-2010-0740.patch
 Patch2:         CVE-2010-4180.patch
+Patch3:         CVE-2011-3210.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Recommends:     openssl-certs
 
@@ -59,6 +60,7 @@
 %patch0  -p1
 %patch1  -p1
 %patch2  -p1
+%patch3  -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # 
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags

++++++ CVE-2011-3210.patch ++++++
Index: openssl-0.9.8h/ssl/s3_lib.c
===================================================================
--- openssl-0.9.8h.orig/ssl/s3_lib.c
+++ openssl-0.9.8h/ssl/s3_lib.c
@@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s)
                }
 #ifndef OPENSSL_NO_DH
        if (s->s3->tmp.dh != NULL)
+       {
                DH_free(s->s3->tmp.dh);
+               s->s3->tmp.dh = NULL;
+       }
 #endif
 #ifndef OPENSSL_NO_ECDH
        if (s->s3->tmp.ecdh != NULL)
+       {
                EC_KEY_free(s->s3->tmp.ecdh);
+               s->s3->tmp.ecdh = NULL;
+       }
 #endif
 
        rp = s->s3->rbuf.buf;
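Review bot: The braces added around the `DH_free` and `EC_KEY_free` calls sit at the column of the `if`, while the context lines of this file indent braces with the body (see the `{` under `if (s->s3->tmp.dh != NULL)` in the s3_srvr.c hunks), as far as the mail's whitespace can be trusted. The same applies to the blocks added in ssl3_check_client_hello and ssl3_get_client_key_exchange. Matching the file's style would keep this security patch easy to compare with the surrounding code. A one-line comment above each reset, such as `/* reset so a later clear or free cannot release the same key twice */`, would record why the pointer is cleared. ssl3_clear begins and ends outside the hunk.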
Index: openssl-0.9.8h/ssl/s3_srvr.c
===================================================================
--- openssl-0.9.8h.orig/ssl/s3_srvr.c
+++ openssl-0.9.8h/ssl/s3_srvr.c
@@ -712,6 +712,13 @@ int ssl3_check_client_hello(SSL *s)
                        s->s3->tmp.dh = NULL;
                        }
 #endif
+#ifndef OPENSSL_NO_ECDH
+               if (s->s3->tmp.ecdh != NULL)
+               {
+                       EC_KEY_free(s->s3->tmp.ecdh);
+                       s->s3->tmp.ecdh = NULL;
+               }
+#endif
                return 2;
                }
        return 1;
@@ -1316,7 +1323,6 @@ int ssl3_send_server_key_exchange(SSL *s
 
                        if (s->s3->tmp.dh != NULL)
                                {
-                               DH_free(dh);
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 
ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
@@ -1377,7 +1383,6 @@ int ssl3_send_server_key_exchange(SSL *s
 
                        if (s->s3->tmp.ecdh != NULL)
                                {
-                               EC_KEY_free(s->s3->tmp.ecdh); 
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 
ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
@@ -1388,12 +1393,11 @@ int ssl3_send_server_key_exchange(SSL *s
                                
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       if (!EC_KEY_up_ref(ecdhp))
+                       if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
                                {
                                
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       ecdh = ecdhp;
 
                        s->s3->tmp.ecdh=ecdh;
                        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
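Review bot: The switch from `EC_KEY_up_ref(ecdhp)` to `EC_KEY_dup(ecdhp)` carries no comment saying why a private copy is required, so a later cleanup could turn it back into a reference. Presumably the copy exists so that key handling on this connection never touches the shared `ecdhp`; that should be confirmed and written down, for example `/* Duplicate the ECDH key: each connection needs its own copy, owned by s->s3->tmp.ecdh and freed in ssl3_clear() */`. Once `s->s3->tmp.ecdh=ecdh;` has run, the copy belongs to `s->s3`, so code at the `err` label must not free `ecdh` as well. That label is outside the hunk and is worth checking alongside the two removed frees earlier in this function.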
@@ -2247,6 +2251,12 @@ int ssl3_get_client_key_exchange(SSL *s)
                         /* Get encoded point length */
                         i = *p; 
                        p += 1;
+                       if (n != 1 + i)
+                       {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                               ERR_R_EC_LIB);
+                               goto err;
+                       }
                         if (EC_POINT_oct2point(group, 
                            clnt_ecpoint, p, i, bn_ctx) == 0)
                                {
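Review bot: The length byte is read at `i = *p;` before the new `n != 1 + i` check runs, so the check does not protect that read when the message body is empty. Whether `n == 0` is handled earlier in ssl3_get_client_key_exchange is not visible in this hunk and should be confirmed. The check would also benefit from a short comment, for example `/* the encoded point must account for the whole message body */`, because the strict equality rejects both truncated input and trailing bytes. The function begins and ends outside the hunk.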

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
