openssl

Soren Jacobsen Sat, 04 Jul 2009 17:53:10 -0700

Module Name:    src
Committed By:   snj
Date:           Sun Jul  5 00:53:05 UTC 2009


Modified Files:
        src/crypto/dist/openssl/crypto/pqueue [netbsd-4]: pqueue.c pqueue.h
        src/crypto/dist/openssl/ssl [netbsd-4]: d1_both.c d1_pkt.c s3_pkt.c
            ssl.h ssl_err.c

Log Message:
Apply patch (requested by tonnerre in ticket #1334):
Another OpenSSL security update.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.4.1 \
    src/crypto/dist/openssl/crypto/pqueue/pqueue.c \
    src/crypto/dist/openssl/crypto/pqueue/pqueue.h
cvs rdiff -u -r1.1.1.1.4.1 -r1.1.1.1.4.2 \
    src/crypto/dist/openssl/ssl/d1_both.c
cvs rdiff -u -r1.1.1.3.2.1 -r1.1.1.3.2.2 src/crypto/dist/openssl/ssl/d1_pkt.c
cvs rdiff -u -r1.6.4.1 -r1.6.4.2 src/crypto/dist/openssl/ssl/s3_pkt.c
cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/crypto/dist/openssl/ssl/ssl.h
cvs rdiff -u -r1.9.4.2 -r1.9.4.3 src/crypto/dist/openssl/ssl/ssl_err.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/crypto/pqueue/pqueue.c
diff -u src/crypto/dist/openssl/crypto/pqueue/pqueue.c:1.1.1.1 src/crypto/dist/openssl/crypto/pqueue/pqueue.c:1.1.1.1.4.1
--- src/crypto/dist/openssl/crypto/pqueue/pqueue.c:1.1.1.1	Fri Nov 25 03:06:54 2005
+++ src/crypto/dist/openssl/crypto/pqueue/pqueue.c	Sun Jul  5 00:53:05 2009
@@ -234,3 +234,17 @@
 
 	return ret;
 	}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+	pitem *item = pq->items;
+	int count = 0;
+	
+	while(item != NULL)
+	{
+		count++;
+		item = item->next;
+	}
+	return count;
+}
Index: src/crypto/dist/openssl/crypto/pqueue/pqueue.h
diff -u src/crypto/dist/openssl/crypto/pqueue/pqueue.h:1.1.1.1 src/crypto/dist/openssl/crypto/pqueue/pqueue.h:1.1.1.1.4.1
--- src/crypto/dist/openssl/crypto/pqueue/pqueue.h:1.1.1.1	Fri Nov 25 03:06:54 2005
+++ src/crypto/dist/openssl/crypto/pqueue/pqueue.h	Sun Jul  5 00:53:05 2009
@@ -91,5 +91,6 @@
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */

Index: src/crypto/dist/openssl/ssl/d1_both.c
diff -u src/crypto/dist/openssl/ssl/d1_both.c:1.1.1.1.4.1 src/crypto/dist/openssl/ssl/d1_both.c:1.1.1.1.4.2
--- src/crypto/dist/openssl/ssl/d1_both.c:1.1.1.1.4.1	Fri Oct 26 23:29:54 2007
+++ src/crypto/dist/openssl/ssl/d1_both.c	Sun Jul  5 00:53:05 2009
@@ -519,6 +519,7 @@
 
 	if ( s->d1->handshake_read_seq == frag->msg_header.seq)
 		{
+		unsigned long frag_len = frag->msg_header.frag_len;
 		pqueue_pop(s->d1->buffered_messages);
 
 		al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +537,7 @@
 		if (al==0)
 			{
 			*ok = 1;
-			return frag->msg_header.frag_len;
+			return frag_len;
 			}
 
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -561,7 +562,16 @@
 	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
 		goto err;
 
-	if (msg_hdr->seq <= s->d1->handshake_read_seq)
+	/* Try to find item in queue, to prevent duplicate entries */
+	memset(seq64be,0,sizeof(seq64be));
+	seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
+	seq64be[7] = (unsigned char) msg_hdr->seq;
+	item = pqueue_find(s->d1->buffered_messages, seq64be);
+	
+	/* Discard the message if sequence number was already there, is
+	 * too far in the future or the fragment is already in the queue */
+	if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+		msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
 		{
 		unsigned char devnull [256];
 
@@ -575,30 +585,31 @@
 			}
 		}
 
-	frag = dtls1_hm_fragment_new(frag_len);
-	if ( frag == NULL)
-		goto err;
+	if (frag_len)
+	{
+		frag = dtls1_hm_fragment_new(frag_len);
+		if ( frag == NULL)
+			goto err;
 
-	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
 
-	if (frag_len)
-		{
-		/* read the body of the fragment (header has already been read */
+		/* read the body of the fragment (header has already been read) */
 		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 			frag->fragment,frag_len,0);
 		if (i<=0 || (unsigned long)i!=frag_len)
 			goto err;
-		}
 
-	pq_64bit_init(&seq64);
-	pq_64bit_assign_word(&seq64, msg_hdr->seq);
+		pq_64bit_init(&seq64);
+		pq_64bit_assign_word(&seq64, msg_hdr->seq);
 
-	item = pitem_new(seq64, frag);
-	pq_64bit_free(&seq64);
-	if ( item == NULL)
-		goto err;
+		item = pitem_new(seq64, frag);
+		pq_64bit_free(&seq64);
+		if ( item == NULL)
+			goto err;
+
+		pqueue_insert(s->d1->buffered_messages, item);
+	}
 
-	pqueue_insert(s->d1->buffered_messages, item);
 	return DTLS1_HM_FRAGMENT_RETRY;
 
 err:

Index: src/crypto/dist/openssl/ssl/d1_pkt.c
diff -u src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.3.2.1 src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.3.2.2
--- src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.3.2.1	Sat Aug 25 17:52:59 2007
+++ src/crypto/dist/openssl/ssl/d1_pkt.c	Sun Jul  5 00:53:05 2009
@@ -166,6 +166,10 @@
     DTLS1_RECORD_DATA *rdata;
 	pitem *item;
 
+	/* Limit the size of the queue to prevent DOS attacks */
+	if (pqueue_size(queue->q) >= 100)
+		return 0;
+		
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)

Index: src/crypto/dist/openssl/ssl/s3_pkt.c
diff -u src/crypto/dist/openssl/ssl/s3_pkt.c:1.6.4.1 src/crypto/dist/openssl/ssl/s3_pkt.c:1.6.4.2
--- src/crypto/dist/openssl/ssl/s3_pkt.c:1.6.4.1	Sat Aug 25 17:53:01 2007
+++ src/crypto/dist/openssl/ssl/s3_pkt.c	Sun Jul  5 00:53:05 2009
@@ -1226,6 +1226,13 @@
 
 	if (s->s3->tmp.key_block == NULL)
 		{
+		if (s->session == NULL) 
+			{
+			/* might happen if dtls1_read_bytes() calls this */
+			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+			return (0);
+			}
+
 		s->session->cipher=s->s3->tmp.new_cipher;
 		if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
 		}

Index: src/crypto/dist/openssl/ssl/ssl.h
diff -u src/crypto/dist/openssl/ssl/ssl.h:1.15.2.2 src/crypto/dist/openssl/ssl/ssl.h:1.15.2.3
--- src/crypto/dist/openssl/ssl/ssl.h:1.15.2.2	Fri Oct 26 23:29:52 2007
+++ src/crypto/dist/openssl/ssl/ssl.h	Sun Jul  5 00:53:05 2009
@@ -1615,6 +1615,7 @@
 #define SSL_F_SSL3_CONNECT				 132
 #define SSL_F_SSL3_CTRL					 213
 #define SSL_F_SSL3_CTX_CTRL				 133
+#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC		 292
 #define SSL_F_SSL3_ENC					 134
 #define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135

Index: src/crypto/dist/openssl/ssl/ssl_err.c
diff -u src/crypto/dist/openssl/ssl/ssl_err.c:1.9.4.2 src/crypto/dist/openssl/ssl/ssl_err.c:1.9.4.3
--- src/crypto/dist/openssl/ssl/ssl_err.c:1.9.4.2	Fri Oct 26 23:29:52 2007
+++ src/crypto/dist/openssl/ssl/ssl_err.c	Sun Jul  5 00:53:05 2009
@@ -138,6 +138,7 @@
 {ERR_FUNC(SSL_F_SSL3_CONNECT),	"SSL3_CONNECT"},
 {ERR_FUNC(SSL_F_SSL3_CTRL),	"SSL3_CTRL"},
 {ERR_FUNC(SSL_F_SSL3_CTX_CTRL),	"SSL3_CTX_CTRL"},
+{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),	"SSL3_DO_CHANGE_CIPHER_SPEC"},
 {ERR_FUNC(SSL_F_SSL3_ENC),	"SSL3_ENC"},
 {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),	"SSL3_GENERATE_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),	"SSL3_GET_CERTIFICATE_REQUEST"},

CVS commit: [netbsd-4] src/crypto/dist/openssl

Reply via email to