SUSE:SLE-12-SP1:GA
File openssl-CVE-2014-3506.patch of Package compat-openssl098.703
commit 338a5e7e5458edf4cf754fd831a451fb4b57d180 Author: Matt Caswell <matt@openssl.org> Date: Fri Jun 6 14:25:52 2014 -0700 Fix DTLS handshake message size checks. In |dtls1_reassemble_fragment|, the value of |msg_hdr->frag_off+frag_len| was being checked against the maximum handshake message size, but then |msg_len| bytes were allocated for the fragment buffer. This means that so long as the fragment was within the allowed size, the pending handshake message could consume 16MB + 2MB (for the reassembly bitmap). Approx 10 outstanding handshake messages are allowed, meaning that an attacker could consume ~180MB per DTLS connection. In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no check was applied. Fixes CVE-2014-3506 Wholly based on patch by Adam Langley with one minor amendment. Reviewed-by: Emilia Käsper <emilia@openssl.org> Index: openssl-0.9.8j/ssl/d1_both.c =================================================================== --- openssl-0.9.8j.orig/ssl/d1_both.c 2014-08-08 15:25:06.746108335 +0200 +++ openssl-0.9.8j/ssl/d1_both.c 2014-08-08 15:45:32.935957123 +0200 @@ -550,6 +550,16 @@ dtls1_retrieve_buffered_fragment(SSL *s, return 0; } +/* dtls1_max_handshake_message_len returns the maximum number of bytes + * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may + * be greater if the maximum certificate list size requires it. */ +static unsigned long dtls1_max_handshake_message_len(const SSL *s) + { + unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < (unsigned long)s->max_cert_list) + return s->max_cert_list; + return max_len; + } static int dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok, long max) @@ -588,6 +598,9 @@ dtls1_process_out_of_seq_message(SSL *s, if (frag_len) { + if (frag_len > dtls1_max_handshake_message_len(s)) + goto err; + frag = dtls1_hm_fragment_new(frag_len); if ( frag == NULL) goto err;
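Review bot: In the first hunk (`dtls1_max_handshake_message_len`), `s->max_cert_list` is cast to `unsigned long` for the comparison but returned without a cast, which suggests the field is a signed type; if it is, a negative value would convert to a very large limit and the new bound would never trigger. Consider rejecting non-positive values before the comparison, or noting in the comment that the field is guaranteed positive. The comment also says the minimum is 16KB while the code returns `DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH`; naming those constants in the comment would keep it accurate.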
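Review bot: In the second hunk, the new check inside `if (frag_len)` in `dtls1_process_out_of_seq_message` covers only the non-fragmented path, while the commit message also describes an allocation of `msg_len` bytes in `dtls1_reassemble_fragment`, and this patch carries no hunk for that function. The patch header should say whether the 0.9.8j tree lacks that function, or the patch should add the corresponding bound on the message length there. The function also receives a `long max` argument that the new check ignores in favour of `dtls1_max_handshake_message_len(s)`; a short comment explaining that choice would help the next reader.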