diff options
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch | 118 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 |
2 files changed, 119 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch new file mode 100644 index 0000000000..c06cd64fc6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch | |||
@@ -0,0 +1,118 @@ | |||
1 | From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Dr. Stephen Henson" <steve@openssl.org> | ||
3 | Date: Sun, 6 Apr 2014 00:51:06 +0100 | ||
4 | Subject: [PATCH] Add heartbeat extension bounds check. | ||
5 | |||
6 | A missing bounds check in the handling of the TLS heartbeat extension | ||
7 | can be used to reveal up to 64k of memory to a connected client or | ||
8 | server. | ||
9 | |||
10 | Thanks for Neel Mehta of Google Security for discovering this bug and to | ||
11 | Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for | ||
12 | preparing the fix (CVE-2014-0160) | ||
13 | |||
14 | Patch (tweaked version of upstream fix without CHANGES change) borrowed | ||
15 | from Debian. | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | ||
19 | |||
20 | --- | ||
21 | ssl/d1_both.c | 26 ++++++++++++++++++-------- | ||
22 | ssl/t1_lib.c | 14 +++++++++----- | ||
23 | 3 files changed, 36 insertions(+), 13 deletions(-) | ||
24 | |||
25 | diff --git a/ssl/d1_both.c b/ssl/d1_both.c | ||
26 | index 7a5596a..2e8cf68 100644 | ||
27 | --- a/ssl/d1_both.c | ||
28 | +++ b/ssl/d1_both.c | ||
29 | @@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s) | ||
30 | unsigned int payload; | ||
31 | unsigned int padding = 16; /* Use minimum padding */ | ||
32 | |||
33 | - /* Read type and payload length first */ | ||
34 | - hbtype = *p++; | ||
35 | - n2s(p, payload); | ||
36 | - pl = p; | ||
37 | - | ||
38 | if (s->msg_callback) | ||
39 | s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, | ||
40 | &s->s3->rrec.data[0], s->s3->rrec.length, | ||
41 | s, s->msg_callback_arg); | ||
42 | |||
43 | + /* Read type and payload length first */ | ||
44 | + if (1 + 2 + 16 > s->s3->rrec.length) | ||
45 | + return 0; /* silently discard */ | ||
46 | + hbtype = *p++; | ||
47 | + n2s(p, payload); | ||
48 | + if (1 + 2 + payload + 16 > s->s3->rrec.length) | ||
49 | + return 0; /* silently discard per RFC 6520 sec. 4 */ | ||
50 | + pl = p; | ||
51 | + | ||
52 | if (hbtype == TLS1_HB_REQUEST) | ||
53 | { | ||
54 | unsigned char *buffer, *bp; | ||
55 | + unsigned int write_length = 1 /* heartbeat type */ + | ||
56 | + 2 /* heartbeat length */ + | ||
57 | + payload + padding; | ||
58 | int r; | ||
59 | |||
60 | + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) | ||
61 | + return 0; | ||
62 | + | ||
63 | /* Allocate memory for the response, size is 1 byte | ||
64 | * message type, plus 2 bytes payload length, plus | ||
65 | * payload, plus padding | ||
66 | */ | ||
67 | - buffer = OPENSSL_malloc(1 + 2 + payload + padding); | ||
68 | + buffer = OPENSSL_malloc(write_length); | ||
69 | bp = buffer; | ||
70 | |||
71 | /* Enter response type, length and copy payload */ | ||
72 | @@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s) | ||
73 | /* Random padding */ | ||
74 | RAND_pseudo_bytes(bp, padding); | ||
75 | |||
76 | - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); | ||
77 | + r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); | ||
78 | |||
79 | if (r >= 0 && s->msg_callback) | ||
80 | s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, | ||
81 | - buffer, 3 + payload + padding, | ||
82 | + buffer, write_length, | ||
83 | s, s->msg_callback_arg); | ||
84 | |||
85 | OPENSSL_free(buffer); | ||
86 | diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c | ||
87 | index b82fada..bddffd9 100644 | ||
88 | --- a/ssl/t1_lib.c | ||
89 | +++ b/ssl/t1_lib.c | ||
90 | @@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s) | ||
91 | unsigned int payload; | ||
92 | unsigned int padding = 16; /* Use minimum padding */ | ||
93 | |||
94 | - /* Read type and payload length first */ | ||
95 | - hbtype = *p++; | ||
96 | - n2s(p, payload); | ||
97 | - pl = p; | ||
98 | - | ||
99 | if (s->msg_callback) | ||
100 | s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, | ||
101 | &s->s3->rrec.data[0], s->s3->rrec.length, | ||
102 | s, s->msg_callback_arg); | ||
103 | |||
104 | + /* Read type and payload length first */ | ||
105 | + if (1 + 2 + 16 > s->s3->rrec.length) | ||
106 | + return 0; /* silently discard */ | ||
107 | + hbtype = *p++; | ||
108 | + n2s(p, payload); | ||
109 | + if (1 + 2 + payload + 16 > s->s3->rrec.length) | ||
110 | + return 0; /* silently discard per RFC 6520 sec. 4 */ | ||
111 | + pl = p; | ||
112 | + | ||
113 | if (hbtype == TLS1_HB_REQUEST) | ||
114 | { | ||
115 | unsigned char *buffer, *bp; | ||
116 | -- | ||
117 | 1.9.1 | ||
118 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index fa0a648cb1..485112c53e 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | |||
@@ -35,6 +35,7 @@ SRC_URI += "file://configure-targets.patch \ | |||
35 | file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \ | 35 | file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \ |
36 | file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ | 36 | file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ |
37 | file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ | 37 | file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ |
38 | file://CVE-2014-0160.patch \ | ||
38 | " | 39 | " |
39 | 40 | ||
40 | SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" | 41 | SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" |