* [dora][PATCH 1/6] openssl: fix CVE-2014-0195
2014-06-09 15:53 [dora][PATCH 0/6] OpenSSL CVE fixes for the dora branch Paul Eggleton
@ 2014-06-09 15:53 ` Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 2/6] openssl: use upstream fix for CVE-2014-0198 Paul Eggleton
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:53 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl-1.0.1e-cve-2014-0195.patch | 40 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch
new file mode 100644
index 0000000..0c43919
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch
@@ -0,0 +1,40 @@
+commit 208d54db20d58c9a5e45e856a0650caadd7d9612
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Tue May 13 18:48:31 2014 +0100
+
+ Fix for CVE-2014-0195
+
+ A buffer overrun attack can be triggered by sending invalid DTLS fragments
+ to an OpenSSL DTLS client or server. This is potentially exploitable to
+ run arbitrary code on a vulnerable client or server.
+
+ Fixed by adding consistency check for DTLS fragments.
+
+ Thanks to Jüri Aedla for reporting this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2e8cf68..07f67f8 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ frag->msg_header.frag_off = 0;
+ }
+ else
++ {
+ frag = (hm_fragment*) item->data;
++ if (frag->msg_header.msg_len != msg_hdr->msg_len)
++ {
++ item = NULL;
++ frag = NULL;
++ goto err;
++ }
++ }
++
+
+ /* If message is already reassembled, this must be a
+ * retransmit and can be dropped.
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 842a903..7783206 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -39,6 +39,7 @@ SRC_URI += "file://configure-targets.patch \
file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
file://CVE-2014-0160.patch \
file://openssl-CVE-2014-0198-fix.patch \
+ file://openssl-1.0.1e-cve-2014-0195.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.3
^ permalink raw reply related [flat|nested] 7+ messages in thread* [dora][PATCH 2/6] openssl: use upstream fix for CVE-2014-0198
2014-06-09 15:53 [dora][PATCH 0/6] OpenSSL CVE fixes for the dora branch Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 1/6] openssl: fix CVE-2014-0195 Paul Eggleton
@ 2014-06-09 15:53 ` Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 3/6] openssl: fix CVE-2014-0221 Paul Eggleton
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:53 UTC (permalink / raw)
To: openembedded-core
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl-1.0.1e-cve-2014-0198.patch | 38 ++++++++++++++++++++++
.../openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch | 23 -------------
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +-
3 files changed, 39 insertions(+), 24 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch
new file mode 100644
index 0000000..12dcfb7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch
@@ -0,0 +1,38 @@
+From: Matt Caswell <matt@openssl.org>
+Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
+Subject: Fixed NULL pointer dereference. See PR#3321
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
+
+Fixed NULL pointer dereference. See PR#3321
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ SSL3_BUFFER *wb=&(s->s3->wbuf);
+ SSL_SESSION *sess;
+
+- if (wb->buf == NULL)
+- if (!ssl3_setup_write_buffer(s))
+- return -1;
+
+ /* first check if there is a SSL3_BUFFER still being written
+ * out. This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ /* if it went, fall through and send more stuff */
+ }
+
++ if (wb->buf == NULL)
++ if (!ssl3_setup_write_buffer(s))
++ return -1;
++
+ if (len == 0 && !create_empty_fragment)
+ return 0;
+
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch
deleted file mode 100644
index 4c51d74..0000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Upstream-Status: Backport
-
-Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837
-
-CVE-2014-0198: An attacker can trigger generation of an SSL
-alert which could cause a null pointer dereference.
-
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
----
-diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c
---- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200
-@@ -657,6 +657,10 @@
- if (i <= 0)
- return(i);
- /* if it went, fall through and send more stuff */
-+ /* we may have released our buffer, so get it again */
-+ if (wb->buf == NULL)
-+ if (!ssl3_setup_write_buffer(s))
-+ return -1;
- }
-
- if (len == 0 && !create_empty_fragment)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 7783206..38cdb3f 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -38,8 +38,8 @@ SRC_URI += "file://configure-targets.patch \
file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
file://CVE-2014-0160.patch \
- file://openssl-CVE-2014-0198-fix.patch \
file://openssl-1.0.1e-cve-2014-0195.patch \
+ file://openssl-1.0.1e-cve-2014-0198.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.3
^ permalink raw reply related [flat|nested] 7+ messages in thread* [dora][PATCH 3/6] openssl: fix CVE-2014-0221
2014-06-09 15:53 [dora][PATCH 0/6] OpenSSL CVE fixes for the dora branch Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 1/6] openssl: fix CVE-2014-0195 Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 2/6] openssl: use upstream fix for CVE-2014-0198 Paul Eggleton
@ 2014-06-09 15:53 ` Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 4/6] openssl: fix CVE-2014-0224 Paul Eggleton
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:53 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl-1.0.1e-cve-2014-0221.patch | 38 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch
new file mode 100644
index 0000000..bf730a8
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch
@@ -0,0 +1,38 @@
+commit d30e582446b027868cdabd0994681643682045a4
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Fri May 16 13:00:45 2014 +0100
+
+ Fix CVE-2014-0221
+
+ Unnecessary recursion when receiving a DTLS hello request can be used to
+ crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+
+ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 07f67f8..4c2fd03 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ int i,al;
+ struct hm_header_st msg_hdr;
+
++ redo:
+ /* see if we have the required fragment already */
+ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+ {
+@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ s->msg_callback_arg);
+
+ s->init_num = 0;
+- return dtls1_get_message_fragment(s, st1, stn,
+- max, ok);
++ goto redo;
+ }
+ else /* Incorrectly formated Hello request */
+ {
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 38cdb3f..dc77330 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -40,6 +40,7 @@ SRC_URI += "file://configure-targets.patch \
file://CVE-2014-0160.patch \
file://openssl-1.0.1e-cve-2014-0195.patch \
file://openssl-1.0.1e-cve-2014-0198.patch \
+ file://openssl-1.0.1e-cve-2014-0221.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.3
^ permalink raw reply related [flat|nested] 7+ messages in thread* [dora][PATCH 4/6] openssl: fix CVE-2014-0224
2014-06-09 15:53 [dora][PATCH 0/6] OpenSSL CVE fixes for the dora branch Paul Eggleton
` (2 preceding siblings ...)
2014-06-09 15:53 ` [dora][PATCH 3/6] openssl: fix CVE-2014-0221 Paul Eggleton
@ 2014-06-09 15:53 ` Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 5/6] openssl: fix CVE-2014-3470 Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 6/6] openssl: fix for CVE-2010-5298 Paul Eggleton
5 siblings, 0 replies; 7+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:53 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl-1.0.1e-cve-2014-0224.patch | 103 +++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 104 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch
new file mode 100644
index 0000000..0ed1d12
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch
@@ -0,0 +1,103 @@
+Fix for CVE-2014-0224
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
+--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200
++++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200
+@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
+--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200
+@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit=1;
+ }
+ else /* a miss or crap from the other end */
+diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
+--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200
++++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200
+@@ -1298,6 +1298,15 @@ start:
+ goto f_err;
+ }
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++ goto f_err;
++ }
++
++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ rr->length=0;
+
+ if (s->msg_callback)
+@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ if (s->s3->tmp.key_block == NULL)
+ {
+- if (s->session == NULL)
++ if (s->session == NULL || s->session->master_key_length == 0)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
+--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200
++++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200
+@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /* we should decide if we expected this one */
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ if (s->s3->next_proto_neg_seen)
++ {
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ }
+ else
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index dc77330..fae0b93 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -41,6 +41,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-1.0.1e-cve-2014-0195.patch \
file://openssl-1.0.1e-cve-2014-0198.patch \
file://openssl-1.0.1e-cve-2014-0221.patch \
+ file://openssl-1.0.1e-cve-2014-0224.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.3
^ permalink raw reply related [flat|nested] 7+ messages in thread* [dora][PATCH 5/6] openssl: fix CVE-2014-3470
2014-06-09 15:53 [dora][PATCH 0/6] OpenSSL CVE fixes for the dora branch Paul Eggleton
` (3 preceding siblings ...)
2014-06-09 15:53 ` [dora][PATCH 4/6] openssl: fix CVE-2014-0224 Paul Eggleton
@ 2014-06-09 15:53 ` Paul Eggleton
2014-06-09 15:53 ` [dora][PATCH 6/6] openssl: fix for CVE-2010-5298 Paul Eggleton
5 siblings, 0 replies; 7+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:53 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl-1.0.1e-cve-2014-3470.patch | 31 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch
new file mode 100644
index 0000000..025727f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch
@@ -0,0 +1,31 @@
+commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Thu May 29 15:00:05 2014 +0100
+
+ Fix CVE-2014-3470
+
+ Check session_cert is not NULL before dereferencing it.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index d35376d..4324f8d 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+ int ecdh_clnt_cert = 0;
+ int field_size = 0;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+ /* Did we send out the client's
+ * ECDH share for use in premaster
+ * computation as part of client certificate?
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index fae0b93..65083fb 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -42,6 +42,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-1.0.1e-cve-2014-0198.patch \
file://openssl-1.0.1e-cve-2014-0221.patch \
file://openssl-1.0.1e-cve-2014-0224.patch \
+ file://openssl-1.0.1e-cve-2014-3470.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.3
^ permalink raw reply related [flat|nested] 7+ messages in thread* [dora][PATCH 6/6] openssl: fix for CVE-2010-5298
2014-06-09 15:53 [dora][PATCH 0/6] OpenSSL CVE fixes for the dora branch Paul Eggleton
` (4 preceding siblings ...)
2014-06-09 15:53 ` [dora][PATCH 5/6] openssl: fix CVE-2014-3470 Paul Eggleton
@ 2014-06-09 15:53 ` Paul Eggleton
5 siblings, 0 replies; 7+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:53 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
(From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl-1.0.1e/openssl-CVE-2010-5298.patch | 24 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 25 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch
new file mode 100644
index 0000000..417a774
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch
@@ -0,0 +1,24 @@
+openssl fix for CVE-2010-5298
+
+Upstream-Status: Backport
+
+Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
+through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
+attackers to inject data across sessions or cause a denial of service
+(use-after-free and parsing error) via an SSL connection in a
+multithreaded environment.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
+
+Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1013,7 +1013,7 @@ start:
+ {
+ s->rstate=SSL_ST_READ_HEADER;
+ rr->off=0;
+- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
+ }
+ }
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 65083fb..d639d0a 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -43,6 +43,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-1.0.1e-cve-2014-0221.patch \
file://openssl-1.0.1e-cve-2014-0224.patch \
file://openssl-1.0.1e-cve-2014-3470.patch \
+ file://openssl-CVE-2010-5298.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.3
^ permalink raw reply related [flat|nested] 7+ messages in thread