summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Eggleton <paul.eggleton@linux.intel.com>2014-04-08 19:37:40 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-04-09 09:00:47 +0100
commit99ab4edab0360fa15305ee74efb2c12cff91f184 (patch)
treeb6bc20272f175fbfedbd637269e6b5db3e4d8f24
parentb27dba2efdfd8ab1506b6f29b800035a48395102 (diff)
downloadpoky-99ab4edab0360fa15305ee74efb2c12cff91f184.tar.gz
openssl: backport fix for CVE-2014-0160
Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More information here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 Patch borrowed from Debian; this is just a tweaked version of the upstream commit (without patching the CHANGES file which otherwise would fail to apply on top of this version). (From OE-Core rev: bebed954e8fea9d805a0eb6b284dd90177379242) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch118
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.1e.bb1
2 files changed, 119 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
new file mode 100644
index 0000000000..c06cd64fc6
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
@@ -0,0 +1,118 @@
1From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
2From: "Dr. Stephen Henson" <steve@openssl.org>
3Date: Sun, 6 Apr 2014 00:51:06 +0100
4Subject: [PATCH] Add heartbeat extension bounds check.
5
6A missing bounds check in the handling of the TLS heartbeat extension
7can be used to reveal up to 64k of memory to a connected client or
8server.
9
10Thanks for Neel Mehta of Google Security for discovering this bug and to
11Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
12preparing the fix (CVE-2014-0160)
13
14Patch (tweaked version of upstream fix without CHANGES change) borrowed
15from Debian.
16
17Upstream-Status: Backport
18Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
19
20---
21 ssl/d1_both.c | 26 ++++++++++++++++++--------
22 ssl/t1_lib.c | 14 +++++++++-----
23 3 files changed, 36 insertions(+), 13 deletions(-)
24
25diff --git a/ssl/d1_both.c b/ssl/d1_both.c
26index 7a5596a..2e8cf68 100644
27--- a/ssl/d1_both.c
28+++ b/ssl/d1_both.c
29@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
30 unsigned int payload;
31 unsigned int padding = 16; /* Use minimum padding */
32
33- /* Read type and payload length first */
34- hbtype = *p++;
35- n2s(p, payload);
36- pl = p;
37-
38 if (s->msg_callback)
39 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
40 &s->s3->rrec.data[0], s->s3->rrec.length,
41 s, s->msg_callback_arg);
42
43+ /* Read type and payload length first */
44+ if (1 + 2 + 16 > s->s3->rrec.length)
45+ return 0; /* silently discard */
46+ hbtype = *p++;
47+ n2s(p, payload);
48+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
49+ return 0; /* silently discard per RFC 6520 sec. 4 */
50+ pl = p;
51+
52 if (hbtype == TLS1_HB_REQUEST)
53 {
54 unsigned char *buffer, *bp;
55+ unsigned int write_length = 1 /* heartbeat type */ +
56+ 2 /* heartbeat length */ +
57+ payload + padding;
58 int r;
59
60+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
61+ return 0;
62+
63 /* Allocate memory for the response, size is 1 byte
64 * message type, plus 2 bytes payload length, plus
65 * payload, plus padding
66 */
67- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
68+ buffer = OPENSSL_malloc(write_length);
69 bp = buffer;
70
71 /* Enter response type, length and copy payload */
72@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
73 /* Random padding */
74 RAND_pseudo_bytes(bp, padding);
75
76- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
77+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
78
79 if (r >= 0 && s->msg_callback)
80 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
81- buffer, 3 + payload + padding,
82+ buffer, write_length,
83 s, s->msg_callback_arg);
84
85 OPENSSL_free(buffer);
86diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
87index b82fada..bddffd9 100644
88--- a/ssl/t1_lib.c
89+++ b/ssl/t1_lib.c
90@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
91 unsigned int payload;
92 unsigned int padding = 16; /* Use minimum padding */
93
94- /* Read type and payload length first */
95- hbtype = *p++;
96- n2s(p, payload);
97- pl = p;
98-
99 if (s->msg_callback)
100 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
101 &s->s3->rrec.data[0], s->s3->rrec.length,
102 s, s->msg_callback_arg);
103
104+ /* Read type and payload length first */
105+ if (1 + 2 + 16 > s->s3->rrec.length)
106+ return 0; /* silently discard */
107+ hbtype = *p++;
108+ n2s(p, payload);
109+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
110+ return 0; /* silently discard per RFC 6520 sec. 4 */
111+ pl = p;
112+
113 if (hbtype == TLS1_HB_REQUEST)
114 {
115 unsigned char *buffer, *bp;
116--
1171.9.1
118
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index fa0a648cb1..485112c53e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -35,6 +35,7 @@ SRC_URI += "file://configure-targets.patch \
35 file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \ 35 file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
36 file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ 36 file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
37 file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ 37 file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
38 file://CVE-2014-0160.patch \
38 " 39 "
39 40
40SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" 41SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"