Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-02-06 Thread Guido Günther
On Sat, Feb 06, 2016 at 11:42:34AM +0100, Sébastien Delafond wrote:
> On Feb/06, Guido Günther wrote:
> > > A few things on the debdiff you just posted:
> > > - The attachment came through in ISO-8859-1 instead of UTF-8 and
> > >   lintian didn't like it. Hopefully the file is ok on your machine
> > >   though.
> > > - I think the ssl-server-test needs an 'isolation-container'
> > >   restriction since it opens TCP ports.
> 
> Hi Guido,
> 
> can I get the updated debdiff ? I'm about to review it.

Attached. I've trimmed the CC: list a little to reduce the noise. Feel
free to readd lists as you see fit.

Cheers,
 -- Guido
diff --git a/debian/changelog b/debian/changelog
index a0b698f..2952b8f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+polarssl (1.3.9-2.2) jessie-security; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * Backport pathes for CVE-2015-5291 and CVE-2015-8036
+(Closes: #801413)
+  * Add simple smoke test
+
+ -- Guido Günther   Fri, 05 Feb 2016 13:41:23 +0100
+
 polarssl (1.3.9-2.1) unstable; urgency=high
 
   * Non-maintainer upload.
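
Review bot: the version in the new changelog entry, 1.3.9-2.2 for jessie-security, is a plain NMU increment on top of 1.3.9-2.1 from unstable, so a later unstable upload could reuse it or sort below it. A stable security upload normally takes a suffix on the released version, for example 1.3.9-2.1+deb8u1, which sorts above 1.3.9-2.1 and below any later unstable revision.
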
diff --git a/debian/patches/CVE-2015-5291-Added-max-length-checking-of-hostname.patch b/debian/patches/CVE-2015-5291-Added-max-length-checking-of-hostname.patch
new file mode 100644
index 000..dd17324
--- /dev/null
+++ b/debian/patches/CVE-2015-5291-Added-max-length-checking-of-hostname.patch
@@ -0,0 +1,37 @@
+From: Simon Butcher 
+Date: Tue, 29 Sep 2015 23:27:20 +0100
+Subject: CVE-2015-5291: Added max length checking of hostname
+
+(cherry picked from commit c988f32adde62a169ba340fee0da15aecd40e76e)
+---
+ include/polarssl/ssl.h | 2 ++
+ library/ssl_tls.c  | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
+index 194e944..2bd66ca 100644
+--- a/include/polarssl/ssl.h
 b/include/polarssl/ssl.h
+@@ -194,6 +194,8 @@
+ #endif /* POLARSSL_SSL_PROTO_TLS1_1 */
+ #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ 
++#define SSL_MAX_HOST_NAME_LEN   255 /*!< Maximum host name defined in RFC 1035 */
++
+ /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
+  * NONE must be zero so that memset()ing structure to zero works */
+ #define SSL_MAX_FRAG_LEN_NONE   0   /*!< don't use this extension   */
+diff --git a/library/ssl_tls.c b/library/ssl_tls.c
+index 5f080de..196f0c9 100644
+--- a/library/ssl_tls.c
 b/library/ssl_tls.c
+@@ -3903,6 +3903,9 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
+ if( ssl->hostname_len + 1 == 0 )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ 
++if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )
++return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
++
+ ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 );
+ 
+ if( ssl->hostname == NULL )
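
Review bot: in the ssl_tls.c hunk the new limit is tested on ssl->hostname_len itself, so the context field already holds the rejected length when ssl_set_hostname() returns POLARSSL_ERR_SSL_BAD_INPUT_DATA, before ssl->hostname is reallocated. Checking the length in a local variable before storing it, or resetting hostname_len on the error path, would keep the context consistent for callers that ignore the return value. The existing "ssl->hostname_len + 1 == 0" guard above it has the same property.
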
diff --git a/debian/patches/CVE-2015-8036-Add-extra-check-before-integer-conversion.patch b/debian/patches/CVE-2015-8036-Add-extra-check-before-integer-conversion.patch
new file mode 100644
index 000..2b11b31
--- /dev/null
+++ b/debian/patches/CVE-2015-8036-Add-extra-check-before-integer-conversion.patch
@@ -0,0 +1,24 @@
+From: =?utf-8?q?Manuel_P=C3=A9gouri=C3=A9-Gonnard?= 
+Date: Fri, 2 Oct 2015 09:53:52 +0200
+Subject: CVE-2015-8036: Add extra check before integer conversion
+
+end < p should never happen, but just be extra sure
+
+(cherry picked from commit f3e6e4badb35760c9a543ee69b7449cb0cd9784b)
+---
+ library/ssl_cli.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/library/ssl_cli.c b/library/ssl_cli.c
+index 7696311..9b4b8a9 100644
+--- a/library/ssl_cli.c
 b/library/ssl_cli.c
+@@ -135,7 +135,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
+ 
+ SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+ 
+-if( (size_t)(end - p) < 5 + ssl->verify_data_len )
++if( end < p || (size_t)(end - p) < 5 + ssl->verify_data_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
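
Review bot: on the failure path of the changed condition, ssl_write_renegotiation_ext() is void and only logs "buffer too small" at debug level before returning, so the caller cannot tell that the renegotiation extension was left out of the ClientHello. The commit message says end < p should never happen. If that is an invariant, the patch description should at least state that the extension is dropped silently in that case, and a follow-up could make the caller treat it as an error.
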
diff --git a/debian/patches/CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch b/debian/patches/CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch
new file mode 100644
index 000..e674cd9
--- /dev/null
+++ b/debian/patches/CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch
@@ -0,0 +1,280 @@
+From: Simon Butcher 
+Date: Thu, 1 Oct 2015 00:24:36 +0100
+Subject: CVE-2015-8036: Added bounds checking for TLS extensions
+
+IOTSSL-478 - Added checks to prevent buffer overflows.
+
+(cherry picked from commit b1e325d6b2bd9c504536fbbd45dce348f0a6c40c)
+---
+ library/ssl_cli.c | 141 +-
+ 1 file changed, 128 insertions(+), 13 deletions(-)
+
+diff --git a/library/ssl_cli.c b/library/ssl_cli.c
+index 27abb3e..71e1beb 100644
+--- a/library/ssl_cli.c
 b/library/ssl_cli.c
+@@ -68,6 +68,7 @@ static 

Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-02-06 Thread Guido Günther
Hi,
On Fri, Feb 05, 2016 at 08:44:37PM +, James Cowgill wrote:
> Hi!
> 
> On Fri, 2016-02-05 at 14:24 +0100, Guido Günther wrote:
> > Hi,
> > On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> > > On Jan/31, Guido Günther wrote:
> > > > Uploaded now. Thanks!
> > > 
> > > Hi Guido,
> > > 
> > > have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
> > > not, I'll need to look into it later this week, so that a DSA for
> > > CVE-2015-5291 fixes both wheezy and jessie.
> > 
> > Debdiff attached. It's far more intrusive since we also have to deal
> > with CVE-2015-8036.
> > 
> > James you already discussed the best way forward at
> > 
> > 
> > https://tls.mbed.org/discussions/bug-report-issues/question-about-cve-2015-5291
> > 
> > with upstream so I'm very interested in your opinion on this as well.
> 
> Upstream would obviously like Debian to use the point releases of
> polarssl, but they broke the ABI in the 1.3 series since 1.3.9 so we
> can't use them directly. I had a go at reverting the ABI breaking
> changes and I posted my attempt earlier to this bug report, but the
> changes I had to make were very intrusive and they'll probably have to
> be fixed up again every time there is a new release.

From what I read and figured from the Git commits I wonder if we should
open CVEs for the other fixes in 1.3.14 too?

> I'm beginning to feel like cherry picking the CVE related fixes (like
> you've done) is probably the best solution, especially since this has
> already taken some time to fix.

Yeah, I think we should go ahead and fix these and rather revisit the
problem in case we have more issues to fix.

> 
> A few things on the debdiff you just posted:
> - The attachment came through in ISO-8859-1 instead of UTF-8 and
>   lintian didn't like it. Hopefully the file is ok on your machine
>   though.
> - I think the ssl-server-test needs an 'isolation-container'
>   restriction since it opens TCP ports.

Good point, isolation-container restriction added.
Cheers,
 -- Guido



Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-02-06 Thread Sébastien Delafond
On Feb/06, Guido Günther wrote:
> > A few things on the debdiff you just posted:
> > - The attachment came through in ISO-8859-1 instead of UTF-8 and
> >   lintian didn't like it. Hopefully the file is ok on your machine
> >   though.
> > - I think the ssl-server-test needs an 'isolation-container'
> >   restriction since it opens TCP ports.

Hi Guido,

can I get the updated debdiff ? I'm about to review it.

Cheers,

--Seb



Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-02-06 Thread Sébastien Delafond
On Feb/06, Guido Günther wrote:
> Attached. I've trimmed the CC: list a little to reduce the noise. Feel
> free to readd lists as you see fit.

All good, please upload.

Cheers,

--Seb



Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-02-05 Thread James Cowgill
Hi!

On Fri, 2016-02-05 at 14:24 +0100, Guido Günther wrote:
> Hi,
> On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> > On Jan/31, Guido Günther wrote:
> > > Uploaded now. Thanks!
> > 
> > Hi Guido,
> > 
> > have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
> > not, I'll need to look into it later this week, so that a DSA for
> > CVE-2015-5291 fixes both wheezy and jessie.
> 
> Debdiff attached. It's far more intrusive since we also have to deal
> with CVE-2015-8036.
> 
> James you already discussed the best way forward at
> 
> 
> https://tls.mbed.org/discussions/bug-report-issues/question-about-cve-2015-5291
> 
> with upstream so I'm very interested in your opinion on this as well.

Upstream would obviously like Debian to use the point releases of
polarssl, but they broke the ABI in the 1.3 series since 1.3.9 so we
can't use them directly. I had a go at reverting the ABI breaking
changes and I posted my attempt earlier to this bug report, but the
changes I had to make were very intrusive and they'll probably have to
be fixed up again every time there is a new release.

I'm beginning to feel like cherry picking the CVE related fixes (like
you've done) is probably the best solution, especially since this has
already taken some time to fix.

A few things on the debdiff you just posted:
- The attachment came through in ISO-8859-1 instead of UTF-8 and
  lintian didn't like it. Hopefully the file is ok on your machine
  though.
- I think the ssl-server-test needs an 'isolation-container'
  restriction since it opens TCP ports.

Thanks,
James



Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-02-05 Thread Guido Günther
Hi,
On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> On Jan/31, Guido Günther wrote:
> > Uploaded now. Thanks!
> 
> Hi Guido,
> 
> have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
> not, I'll need to look into it later this week, so that a DSA for
> CVE-2015-5291 fixes both wheezy and jessie.

Debdiff attached. It's far more intrusive since we also have to deal
with CVE-2015-8036.

James you already discussed the best way forward at


https://tls.mbed.org/discussions/bug-report-issues/question-about-cve-2015-5291

with upstream so I'm very interested in your opinion on this as well.
Cheers,
 -- Guido
diff --git a/debian/changelog b/debian/changelog
index a0b698f..2952b8f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+polarssl (1.3.9-2.2) jessie-security; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * Backport pathes for CVE-2015-5291 and CVE-2015-8036
+(Closes: #801413)
+  * Add simple smoke test
+
+ -- Guido Günther   Fri, 05 Feb 2016 13:41:23 +0100
+
 polarssl (1.3.9-2.1) unstable; urgency=high
 
   * Non-maintainer upload.
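
Review bot: "Backport pathes" in the second bullet of the new entry should read "Backport patches". The third bullet could also name the smoke test it adds (the thread refers to it as ssl-server-test) so the changelog says what was introduced.
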
diff --git a/debian/patches/CVE-2015-5291-Added-max-length-checking-of-hostname.patch b/debian/patches/CVE-2015-5291-Added-max-length-checking-of-hostname.patch
new file mode 100644
index 000..dd17324
--- /dev/null
+++ b/debian/patches/CVE-2015-5291-Added-max-length-checking-of-hostname.patch
@@ -0,0 +1,37 @@
+From: Simon Butcher 
+Date: Tue, 29 Sep 2015 23:27:20 +0100
+Subject: CVE-2015-5291: Added max length checking of hostname
+
+(cherry picked from commit c988f32adde62a169ba340fee0da15aecd40e76e)
+---
+ include/polarssl/ssl.h | 2 ++
+ library/ssl_tls.c  | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
+index 194e944..2bd66ca 100644
+--- a/include/polarssl/ssl.h
 b/include/polarssl/ssl.h
+@@ -194,6 +194,8 @@
+ #endif /* POLARSSL_SSL_PROTO_TLS1_1 */
+ #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ 
++#define SSL_MAX_HOST_NAME_LEN   255 /*!< Maximum host name defined in RFC 1035 */
++
+ /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
+  * NONE must be zero so that memset()ing structure to zero works */
+ #define SSL_MAX_FRAG_LEN_NONE   0   /*!< don't use this extension   */
+diff --git a/library/ssl_tls.c b/library/ssl_tls.c
+index 5f080de..196f0c9 100644
+--- a/library/ssl_tls.c
 b/library/ssl_tls.c
+@@ -3903,6 +3903,9 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
+ if( ssl->hostname_len + 1 == 0 )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ 
++if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )
++return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
++
+ ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 );
+ 
+ if( ssl->hostname == NULL )
diff --git a/debian/patches/CVE-2015-8036-Add-extra-check-before-integer-conversion.patch b/debian/patches/CVE-2015-8036-Add-extra-check-before-integer-conversion.patch
new file mode 100644
index 000..2b11b31
--- /dev/null
+++ b/debian/patches/CVE-2015-8036-Add-extra-check-before-integer-conversion.patch
@@ -0,0 +1,24 @@
+From: =?utf-8?q?Manuel_P=C3=A9gouri=C3=A9-Gonnard?= 
+Date: Fri, 2 Oct 2015 09:53:52 +0200
+Subject: CVE-2015-8036: Add extra check before integer conversion
+
+end < p should never happen, but just be extra sure
+
+(cherry picked from commit f3e6e4badb35760c9a543ee69b7449cb0cd9784b)
+---
+ library/ssl_cli.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/library/ssl_cli.c b/library/ssl_cli.c
+index 7696311..9b4b8a9 100644
+--- a/library/ssl_cli.c
 b/library/ssl_cli.c
+@@ -135,7 +135,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
+ 
+ SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+ 
+-if( (size_t)(end - p) < 5 + ssl->verify_data_len )
++if( end < p || (size_t)(end - p) < 5 + ssl->verify_data_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
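
Review bot: the added "end < p" clause shares the "buffer too small" debug message with the ordinary size check, although the commit message describes it as a case that should never happen. A separate message for the end < p branch would make an invariant violation distinguishable from a full output buffer in the logs.
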
diff --git a/debian/patches/CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch b/debian/patches/CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch
new file mode 100644
index 000..e674cd9
--- /dev/null
+++ b/debian/patches/CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch
@@ -0,0 +1,280 @@
+From: Simon Butcher 
+Date: Thu, 1 Oct 2015 00:24:36 +0100
+Subject: CVE-2015-8036: Added bounds checking for TLS extensions
+
+IOTSSL-478 - Added checks to prevent buffer overflows.
+
+(cherry picked from commit b1e325d6b2bd9c504536fbbd45dce348f0a6c40c)
+---
+ library/ssl_cli.c | 141 +-
+ 1 file changed, 128 insertions(+), 13 deletions(-)
+
+diff --git a/library/ssl_cli.c b/library/ssl_cli.c
+index 27abb3e..71e1beb 100644
+--- a/library/ssl_cli.c
 b/library/ssl_cli.c

Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-02-01 Thread Sébastien Delafond
On Jan/31, Guido Günther wrote:
> Uploaded now. Thanks!

Hi Guido,

have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
not, I'll need to look into it later this week, so that a DSA for
CVE-2015-5291 fixes both wheezy and jessie.

Cheers,

--Seb



Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-01-31 Thread Guido Günther
On Sun, Jan 31, 2016 at 09:12:38AM +0100, Sébastien Delafond wrote:
> On Jan/29, Sébastien Delafond wrote:
> > thanks for the debdiff. It looks OK, so feel free to upload it. Once
> > that's done, I'll release the DSA.
> 
> Hi Guido,
> 
> are you still willing to upload polarssl to security-master ? :)

Uploaded now. Thanks!
 -- Guido



Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-01-31 Thread Sébastien Delafond
On Jan/29, Sébastien Delafond wrote:
> thanks for the debdiff. It looks OK, so feel free to upload it. Once
> that's done, I'll release the DSA.

Hi Guido,

are you still willing to upload polarssl to security-master ? :)

Cheers,

--Seb



Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-01-29 Thread Sébastien Delafond
Hi Guido,

thanks for the debdiff. It looks OK, so feel free to upload it. Once
that's done, I'll release the DSA.

Cheers,

--Seb

On Jan/23, Guido Günther wrote:
> Hi,
> I've forward ported Thorsten's fix for squeeze to wheezy and added some
> autopkgtest (debdiff attached). Please find the debdiff attached. I'd be
> happy to upload this to security master.
> Cheers,
>  -- Guido

> diff --git a/debian/changelog b/debian/changelog
> index b52643b..b6c42f0 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,10 @@
> +polarssl (1.2.9-1~deb7u6) wheezy-security; urgency=high
> +
> +  * Non-maintainer upload by the LTS Security Team.
> +  * CVE-2015-5291: Remote attack on clients using session tickets or SNI
> +
> + -- Guido Günther   Sat, 23 Jan 2016 15:47:29 +0100
> +
>  polarssl (1.2.9-1~deb7u5) wheezy-security; urgency=high
>  
>* Non-maintainer upload by the Security Team.
> diff --git a/debian/patches/CVE-2015-5291-1.patch 
> b/debian/patches/CVE-2015-5291-1.patch
> new file mode 100644
> index 000..f1dc35c
> --- /dev/null
> +++ b/debian/patches/CVE-2015-5291-1.patch
> @@ -0,0 +1,27 @@
> +Index: polarssl-1.2.9/include/polarssl/ssl.h
> +===
> +--- polarssl-1.2.9.orig/include/polarssl/ssl.h   2015-10-22 
> 15:42:52.0 +0200
>  polarssl-1.2.9/include/polarssl/ssl.h2015-10-22 15:44:14.0 
> +0200
> +@@ -123,6 +123,8 @@
> + #define SSL_LEGACY_ALLOW_RENEGOTIATION  1
> + #define SSL_LEGACY_BREAK_HANDSHAKE  2
> + 
> ++#define SSL_MAX_HOST_NAME_LEN   255 /*!< Maximum host name defined 
> in RFC 1035 */
> ++
> + /*
> +  * Size of the input / output buffer.
> +  * Note: the RFC defines the default size of SSL / TLS messages. If you
> +Index: polarssl-1.2.9/library/ssl_tls.c
> +===
> +--- polarssl-1.2.9.orig/library/ssl_tls.c2015-10-22 15:42:52.0 
> +0200
>  polarssl-1.2.9/library/ssl_tls.c 2015-10-22 15:45:02.0 +0200
> +@@ -3260,6 +3260,9 @@
> + if( ssl->hostname_len + 1 == 0 )
> + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
> + 
> ++if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )
> ++return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
> ++
> + ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
> + 
> + if( ssl->hostname == NULL )
> diff --git a/debian/patches/series b/debian/patches/series
> index 929750e..06dd432 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -5,3 +5,11 @@
>  CVE-2014-4911.patch
>  CVE-2014-8628.patch
>  CVE-2015-1182.patch
> +
> +# fix for CVE-2015-5291
> +# -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5291
> +CVE-2015-5291-1.patch
> +# vulnerable code not present
> +#CVE-2015-5291-2.patch
> +#CVE-2015-5291-3.patch
> +#CVE-2015-5291-4.patch
> diff --git a/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch 
> b/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch
> new file mode 100644
> index 000..f4d43ee
> --- /dev/null
> +++ b/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch
> @@ -0,0 +1,323 @@
> +diff --git a/library/ssl_cli.c b/library/ssl_cli.c
> +index f603cff..d33 100644
> +--- a/library/ssl_cli.c
>  b/library/ssl_cli.c
> +@@ -65,6 +65,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
> + size_t *olen )
> + {
> + unsigned char *p = buf;
> ++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
> + 
> + *olen = 0;
> + 
> +@@ -74,6 +75,12 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
> + SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
> +ssl->hostname ) );
> + 
> ++if( (size_t)(end - p) < ssl->hostname_len + 9 )
> ++{
> ++ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
> ++ return;
> ++}
> ++
> + /*
> +  * struct {
> +  * NameType name_type;
> +@@ -117,6 +124,7 @@ static void ssl_write_renegotiation_ext( ssl_context 
> *ssl,
> +  size_t *olen )
> + {
> + unsigned char *p = buf;
> ++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
> + 
> + *olen = 0;
> + 
> +@@ -125,6 +133,12 @@ static void ssl_write_renegotiation_ext( ssl_context 
> *ssl,
> + 
> + SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
> + 
> ++if( (size_t)(end - p) < 5 + ssl->verify_data_len )
> ++{
> ++SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
> ++return;
> ++}
> ++
> + /*
> +  * Secure renegotiation
> +  */
> +@@ -151,6 +165,7 @@ static void ssl_write_signature_algorithms_ext( 
> ssl_context *ssl,
> + size_t *olen )
> + {
> + unsigned char *p = buf;
> ++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
> + 
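
Review bot: the new directory in this file header is spelled vulernable-code-not-present; it should be vulnerable-code-not-present. The bounds checks in this file also cast (end - p) to size_t without first testing end < p, which is the guard the jessie patch "Add extra check before integer conversion" in this thread adds. If these patches are ever enabled from series, they need that follow-up as well.
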

Bug#801413: wheezy: update for polarssl's CVE-2015-5291

2016-01-23 Thread Guido Günther
Hi,
I've forward ported Thorsten's fix for squeeze to wheezy and added some
autopkgtest (debdiff attached). Please find the debdiff attached. I'd be
happy to upload this to security master.
Cheers,
 -- Guido
diff --git a/debian/changelog b/debian/changelog
index b52643b..b6c42f0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+polarssl (1.2.9-1~deb7u6) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the LTS Security Team.
+  * CVE-2015-5291: Remote attack on clients using session tickets or SNI
+
+ -- Guido Günther   Sat, 23 Jan 2016 15:47:29 +0100
+
 polarssl (1.2.9-1~deb7u5) wheezy-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
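
Review bot: the 1.2.9-1~deb7u6 entry carries no Closes: #801413 reference and does not mention the autopkgtest that the cover message says was added. Adding both would tie the upload to this bug and document the test; the jessie entry in this thread does carry the Closes line.
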
diff --git a/debian/patches/CVE-2015-5291-1.patch b/debian/patches/CVE-2015-5291-1.patch
new file mode 100644
index 000..f1dc35c
--- /dev/null
+++ b/debian/patches/CVE-2015-5291-1.patch
@@ -0,0 +1,27 @@
+Index: polarssl-1.2.9/include/polarssl/ssl.h
+===
+--- polarssl-1.2.9.orig/include/polarssl/ssl.h	2015-10-22 15:42:52.0 +0200
 polarssl-1.2.9/include/polarssl/ssl.h	2015-10-22 15:44:14.0 +0200
+@@ -123,6 +123,8 @@
+ #define SSL_LEGACY_ALLOW_RENEGOTIATION  1
+ #define SSL_LEGACY_BREAK_HANDSHAKE  2
+ 
++#define SSL_MAX_HOST_NAME_LEN   255 /*!< Maximum host name defined in RFC 1035 */
++
+ /*
+  * Size of the input / output buffer.
+  * Note: the RFC defines the default size of SSL / TLS messages. If you
+Index: polarssl-1.2.9/library/ssl_tls.c
+===
+--- polarssl-1.2.9.orig/library/ssl_tls.c	2015-10-22 15:42:52.0 +0200
 polarssl-1.2.9/library/ssl_tls.c	2015-10-22 15:45:02.0 +0200
+@@ -3260,6 +3260,9 @@
+ if( ssl->hostname_len + 1 == 0 )
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ 
++if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )
++return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
++
+ ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
+ 
+ if( ssl->hostname == NULL )
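
Review bot: CVE-2015-5291-1.patch starts directly at the quilt Index: line, with no description, author or origin header. A short DEP-3 style header naming the upstream commit would make the backport auditable; the jessie version of this patch in the same thread records it as cherry picked from c988f32adde62a169ba340fee0da15aecd40e76e.
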
diff --git a/debian/patches/series b/debian/patches/series
index 929750e..06dd432 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,11 @@
 CVE-2014-4911.patch
 CVE-2014-8628.patch
 CVE-2015-1182.patch
+
+# fix for CVE-2015-5291
+# -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5291
+CVE-2015-5291-1.patch
+# vulnerable code not present
+#CVE-2015-5291-2.patch
+#CVE-2015-5291-3.patch
+#CVE-2015-5291-4.patch
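
Review bot: the single comment "vulnerable code not present" covers three commented-out patches, but CVE-2015-5291-2.patch touches ssl_write_hostname_ext() and the changelog describes the CVE as affecting clients using session tickets or SNI. A one-line reason per disabled patch, naming the function or feature that is absent in 1.2.9, would let a reviewer confirm that only the ssl_set_hostname() length check is needed here.
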
diff --git a/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch b/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch
new file mode 100644
index 000..f4d43ee
--- /dev/null
+++ b/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch
@@ -0,0 +1,323 @@
+diff --git a/library/ssl_cli.c b/library/ssl_cli.c
+index f603cff..d33 100644
+--- a/library/ssl_cli.c
 b/library/ssl_cli.c
+@@ -65,6 +65,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
+ size_t *olen )
+ {
+ unsigned char *p = buf;
++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
+ 
+ *olen = 0;
+ 
+@@ -74,6 +75,12 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
+ SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
+ssl->hostname ) );
+ 
++if( (size_t)(end - p) < ssl->hostname_len + 9 )
++{
++ SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
++ return;
++}
++
+ /*
+  * struct {
+  * NameType name_type;
+@@ -117,6 +124,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
+  size_t *olen )
+ {
+ unsigned char *p = buf;
++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
+ 
+ *olen = 0;
+ 
+@@ -125,6 +133,12 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
+ 
+ SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+ 
++if( (size_t)(end - p) < 5 + ssl->verify_data_len )
++{
++SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
++return;
++}
++
+ /*
+  * Secure renegotiation
+  */
+@@ -151,6 +165,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
+ size_t *olen )
+ {
+ unsigned char *p = buf;
++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN;
+ size_t sig_alg_len = 0;
+ #if defined(POLARSSL_RSA_C) || defined(POLARSSL_ECDSA_C)
+ unsigned char *sig_alg_list = buf + 6;
+@@ -163,9 +178,54 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
+ 
+ SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
+ 
++#if defined(POLARSSL_RSA_C)
++#if defined(POLARSSL_SHA512_C)
++/* SHA512 + RSA signature, SHA384 + RSA signature */
++sig_alg_len += 4;
++#endif