openssl: Revert 9 CVE fixes merged upstreamkrogoth

Revert "openssl: Security fix CVE-2016-6306" This reverts commit f73e0eb5d77764c00d6ae8db10528522fc8516bc. Revert "openssl: Security fix CVE-2016-6304" This reverts commit 35f3007f0e0c56bc2f96ab5893686191d099949f. Revert "openssl: Security fix CVE-2016-6303" This reverts commit 744b01090f6cf4984c11bb682693647a62103644. Revert "openssl: Security fix CVE-2016-6302" This reverts commit 8ac9ad185c0889af0bfb2fcd90a6987cb972eb0a. Revert "openssl: Security fix CVE-2016-2182" This reverts commit c95a5d22dedc5701d18e91e40a0c54802915187d. Revert "openssl: Security fix CVE-2016-2181" This reverts commit f0e2e3d84763477138d902f7d48ac2658266aa2b. Revert "openssl: Security fix CVE-2016-2180" This reverts commit 5493231d1ff5e9b259cd074245e909b5e39d926e. Revert "openssl: Security fix CVE-2016-2179" This reverts commit 331ca6f05824e5b005cbf504233b3c72275181d5. Revert "openssl: Security fix CVE-2016-2178" This reverts commit ac47871dfb962355c3c8971cd2fde2e4d03c9790. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
author: Adrian Dudau <adrian.dudau@enea.com> 2016-09-27 16:38:51 +0200
committer: Martin Borg <martin.borg@enea.com> 2016-09-29 13:37:39 +0200
commit: 96cf162f9d9e83121ec43a8baf940d4ebc75b811 (patch)
tree: b9f2df27caa54035f33f4aba79bcc060804c0dd4 /recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
parent: f73e0eb5d77764c00d6ae8db10528522fc8516bc (diff)
download: meta-el-common-krogoth.tar.gz
1 files changed, 0 insertions, 75 deletions
diff --git a/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch b/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
deleted file mode 100644
index 64508b5..0000000
--- a/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ea39b16b71e4e72a228a4535bd6d6a02c5edbc1f Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 9 Sep 2016 10:08:45 +0100
-Subject: [PATCH] Fix OCSP Status Request extension unbounded memory growth
-A malicious client can send an excessively large OCSP Status Request
-extension. If that client continually requests renegotiation,
-sending a large OCSP Status Request extension each time, then there will
-be unbounded memory growth on the server. This will eventually lead to a
-Denial Of Service attack through memory exhaustion. Servers with a
-default configuration are vulnerable even if they do not support OCSP.
-Builds using the "no-ocsp" build time option are not affected.
-I have also checked other extensions to see if they suffer from a similar
-problem but I could not find any other issues.
-CVE-2016-6304
-Issue reported by Shi Lei.
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Upstream-Status: Backport
-CVE: CVE-2016-6304
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- ssl/t1_lib.c | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index fbcf2e6..e4b4e27 100644
--- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -2316,6 +2316,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
-                 size -= 2;
-                 if (dsize > size)
-                     goto err;
-+
-+                /*
-+                 * We remove any OCSP_RESPIDs from a previous handshake
-+                 * to prevent unbounded memory growth - CVE-2016-6304
-+                 */
-+                sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
-+                                        OCSP_RESPID_free);
-+                if (dsize > 0) {
-+                    s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
-+                    if (s->tlsext_ocsp_ids == NULL) {
-+                        *al = SSL_AD_INTERNAL_ERROR;
-+                        return 0;
-+                    }
-+                } else {
-+                    s->tlsext_ocsp_ids = NULL;
-+                }
-+
-                 while (dsize > 0) {
-                     OCSP_RESPID *id;
-                     int idsize;
-@@ -2335,13 +2352,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
-                         OCSP_RESPID_free(id);
-                         goto err;
-                     }
-                    if (!s->tlsext_ocsp_ids
-                        && !(s->tlsext_ocsp_ids =
-                             sk_OCSP_RESPID_new_null())) {
-                        OCSP_RESPID_free(id);
-                        *al = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                    }
-                     if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
-                         OCSP_RESPID_free(id);
-                         *al = SSL_AD_INTERNAL_ERROR;
-- 
-2.7.4
author	Adrian Dudau <adrian.dudau@enea.com>	2016-09-27 16:38:51 +0200
committer	Martin Borg <martin.borg@enea.com>	2016-09-29 13:37:39 +0200
commit	96cf162f9d9e83121ec43a8baf940d4ebc75b811 (patch)
tree	b9f2df27caa54035f33f4aba79bcc060804c0dd4 /recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
parent	f73e0eb5d77764c00d6ae8db10528522fc8516bc (diff)
download	meta-el-common-krogoth.tar.gz

diff --git a/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch b/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch deleted file mode 100644 index 64508b5..0000000 --- a/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch +++ /dev/null
@@ -1,75 +0,0 @@
1	From ea39b16b71e4e72a228a4535bd6d6a02c5edbc1f Mon Sep 17 00:00:00 2001
2	From: Matt Caswell <matt@openssl.org>
3	Date: Fri, 9 Sep 2016 10:08:45 +0100
4	Subject: [PATCH] Fix OCSP Status Request extension unbounded memory growth
5
6	A malicious client can send an excessively large OCSP Status Request
7	extension. If that client continually requests renegotiation,
8	sending a large OCSP Status Request extension each time, then there will
9	be unbounded memory growth on the server. This will eventually lead to a
10	Denial Of Service attack through memory exhaustion. Servers with a
11	default configuration are vulnerable even if they do not support OCSP.
12	Builds using the "no-ocsp" build time option are not affected.
13
14	I have also checked other extensions to see if they suffer from a similar
15	problem but I could not find any other issues.
16
17	CVE-2016-6304
18
19	Issue reported by Shi Lei.
20
21	Reviewed-by: Rich Salz <rsalz@openssl.org>
22
23	Upstream-Status: Backport
24	CVE: CVE-2016-6304
25	Signed-off-by: Armin Kuster <akuster@mvista.com>
26
27	---
28	ssl/t1_lib.c \| 24 +++++++++++++++++-------
29	1 file changed, 17 insertions(+), 7 deletions(-)
30
31	diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
32	index fbcf2e6..e4b4e27 100644
33	--- a/ssl/t1_lib.c
34	+++ b/ssl/t1_lib.c
35	@@ -2316,6 +2316,23 @@ static int ssl_scan_clienthello_tlsext(SSL s, unsigned char *p,
36	size -= 2;
37	if (dsize > size)
38	goto err;
39	+
40	+ /*
41	+ * We remove any OCSP_RESPIDs from a previous handshake
42	+ * to prevent unbounded memory growth - CVE-2016-6304
43	+ */
44	+ sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
45	+ OCSP_RESPID_free);
46	+ if (dsize > 0) {
47	+ s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
48	+ if (s->tlsext_ocsp_ids == NULL) {
49	+ *al = SSL_AD_INTERNAL_ERROR;
50	+ return 0;
51	+ }
52	+ } else {
53	+ s->tlsext_ocsp_ids = NULL;
54	+ }
55	+
56	while (dsize > 0) {
57	OCSP_RESPID *id;
58	int idsize;
59	@@ -2335,13 +2352,6 @@ static int ssl_scan_clienthello_tlsext(SSL s, unsigned char *p,
60	OCSP_RESPID_free(id);
61	goto err;
62	}
63	- if (!s->tlsext_ocsp_ids
64	- && !(s->tlsext_ocsp_ids =
65	- sk_OCSP_RESPID_new_null())) {
66	- OCSP_RESPID_free(id);
67	- *al = SSL_AD_INTERNAL_ERROR;
68	- return 0;
69	- }
70	if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
71	OCSP_RESPID_free(id);
72	*al = SSL_AD_INTERNAL_ERROR;
73	--
74	2.7.4
75