<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div id="body" style='font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;font-size:16px;color:#808080;width:570px;margin:0 auto'>
<table class="repository" background="" style="padding:0px;border:0px;width:100%;color:#606060;font-size:20px;margin-bottom:15px;margin-top:15px;">
<tr style="padding:0px;border:0px;">
<td style="padding:0px;border:0px;vertical-align:middle">
<img src="https://avatars.githubusercontent.com/u/3279138?s=40&d=https%3A%2F%2Ftravis-ci.org%2Fimages%2Fmailer%2Fmascot-avatar-40px.png" style="vertical-align:middle;width:40px;height:40px"> <span style="vertical-align:middle;margin-left:3px"><strong><a href="https://travis-ci.org/openssl/openssl" style="text-decoration:underline;color:#606060">openssl / openssl</a></strong> (<a href="https://github.com/openssl/openssl/tree/master" style="text-decoration:underline;color:#606060">master</a>)</span>
</td>
</tr>
</table>
<div id="build" class="failure" style="border-radius:5px;padding:0px;width:570px;font-size:13px">
<div class="content">
<table style="padding:0px;border:0px;width:100%;border-spacing:0">
<thead>
<tr style="padding:0px;border:0px;font-weight:700;font-size:18px;background-color:#fdcdce;color:#df192a">
<td style="border:0px;padding:0px 20px 0px 0px;border-top:1px solid #808080;border-bottom:1px solid #adadad;width:50px;padding:0px;text-align:center;vertical-align:middle;padding-top:5px;border-left:1px solid #606060;border-top-left-radius:5px"><div class="status-image" style="width:25px;background-size:25px;height:30px;margin-left:15px;margin-top:0px;vertical-align:middle"><img src="https://travis-ci.org/images/mailer/failed.png" width="25" height="25"></div></td>
<td class="build-message" style="padding:0px;border:0px;padding:0px 20px 0px 0px;vertical-align:middle;border-top:1px solid #808080;border-bottom:1px solid #adadad">
<span style="display:inline-block;margin-top:12px;vertical-align:middle"><a href="https://travis-ci.org/openssl/openssl/builds/161730913" style="text-decoration:none;font-weight:bold;color:#57769d;text-decoration:underline;color:#df192a">Build #6129 was broken.</a></span><img src="https://travis-ci.org/images/mailer/arrow-failed.png" style="float: right;" height="45">
</td>
<td align="right" class="time" style="padding:0px;border:0px;font-weight:normal;font-size:12px;padding:0px 20px 0px 0px;vertical-align:middle;border-top:1px solid #808080;border-bottom:1px solid #adadad;border-right:1px solid #606060;border-top-right-radius:5px">
<div class="stop-watch" style="vertical-align:middle;padding:0px;background-size:20px;display:inline-block;width:20px;height:20px"><img src="https://travis-ci.org/images/mailer/stopwatch-failed.png" width="20" height="20"></div> <span style="vertical-align:middle">45 minutes and 42 seconds</span>
</td>
</tr>
</thead>
<tbody style="margin-bottom:40px">
<tr style="padding:0px;border:0px">
<td class="profile-image" style="border:0px;padding:10px 20px 10px 0px;height:20px;width:50px;padding:0px;border-left:1px solid #adadad;padding-top:20px;padding-bottom:5px;text-align:center"><img src="https://secure.gravatar.com/avatar/10f7b441a32d5790efad9fc68cae4af2?s=15&d=https%3A%2F%2Ftravis-ci.org%2Fimages%2Fmailer%2Fmascot-avatar-15px.png"></td>
<td class="grey" style="padding:0px;border:0px;color:#808080;padding:10px 20px 10px 0px;height:20px;padding-top:20px;padding-bottom:5px"><strong>Matt Caswell</strong></td>
<td align="right" class="grey" style="padding:0px;border:0px;color:#808080;padding:10px 20px 10px 0px;height:20px;border-right:1px solid #adadad;padding-top:20px;padding-bottom:5px">
<a href="https://github.com/openssl/openssl/commit/48c054fec3506417b2598837b8062aae7114c200" style="text-decoration:underline;text-decoration:none;font-weight:bold;color:#57769d">48c054f</a> <a href="https://github.com/openssl/openssl/compare/41bff723c678...48c054fec350" style="text-decoration:underline;text-decoration:none;font-weight:bold;color:#57769d">Changeset →</a>
</td>
</tr>
<tr style="padding:0px;border:0px">
<td style="border:0px;padding:10px 20px 10px 0px;height:20px;width:50px;padding:0px;border-left:1px solid #adadad;border-bottom-left-radius:5px;border-bottom:1px solid #adadad"> </td>
<td colspan="2" class="grey" style="padding:0px;border:0px;color:#808080;padding:10px 20px 10px 0px;height:20px;border-right:1px solid #adadad;padding-bottom:20px;padding-top:0px;border-bottom:1px solid #adadad;border-bottom-right-radius:5px">Excessive allocation of memory in dtls1_preprocess_fragment()<br><br>This issue is very similar to CVE-2016-6307 described in the previous<br>commit. The underlying defect is different but the security analysis and<br>impacts are the same except that it impacts DTLS.<br><br>A DTLS message includes 3 bytes for its length in the header for the<br>message.<br>This would allow for messages up to 16Mb in length. Messages of this length<br>are excessive and OpenSSL includes a check to ensure that a peer is sending<br>reasonably sized messages in order to avoid too much memory being consumed<br>to service a connection. A flaw in the logic of version 1.1.0 means that<br>memory for the message is allocated too early, prior to the excessive<br>message length check. Due to way memory is allocated in OpenSSL this could<br>mean an attacker could force up to 21Mb to be allocated to service a<br>connection. This could lead to a Denial of Service through memory<br>exhaustion. However, the excessive message length check still takes place,<br>and this would cause the connection to immediately fail. Assuming that the<br>application calls SSL_free() on the failed conneciton in a timely manner<br>then the 21Mb of allocated memory will then be immediately freed again.<br>Therefore the excessive memory allocation will be transitory in nature.<br>This then means that there is only a security impact if:<br><br>1) The application does not call SSL_free() in a timely manner in the<br>event that the connection fails<br>or<br>2) The application is working in a constrained environment where there<br>is very little free memory<br>or<br>3) The attacker initiates multiple connection attempts such that there<br>are multiple connections in a state where memory has been allocated for<br>the connection; SSL_free() has not yet been called; and there is<br>insufficient memory to service the multiple requests.<br><br>Except in the instance of (1) above any Denial Of Service is likely to<br>be transitory because as soon as the connection fails the memory is<br>subsequently freed again in the SSL_free() call. However there is an<br>increased risk during this period of application crashes due to the lack<br>of memory - which would then mean a more serious Denial of Service.<br><br>This issue does not affect TLS users.<br><br>Issue was reported by Shi Lei (Gear Team, Qihoo 360 Inc.).<br><br>CVE-2016-6308<br><br>Reviewed-by: Richard Levitte <levitte@openssl.org></td>
</tr>
</tbody>
</table>
</div>
</div>
<div style="padding-top: 10px; width: 570px">
<span>
<div class="section footnote" style="margin-top:20px;border-radius:5px;border:1px solid #adadad;font-size:12px;padding:10px 20px;width:528px">
<p class="grey" style="color:#808080;margin-top:0px;margin-bottom:5px"><strong style="font-size:14px">Want to know about upcoming build environment updates?</strong></p>
<p class="grey" style="color:#808080;margin-top:0px;margin-bottom:5px">Would you like to stay up-to-date with the upcoming Travis CI build environment updates?
We set up a mailing list for you!
Sign up <a href="http://eepurl.com/9OCsP" style="text-decoration:underline;color:#606060">here</a>.
</p>
</div>
</span>
</div>
<table border="0" class="footer" style="padding:0px;border:0px;width:100%;background-color:#e9e6e7;border-radius:5px;border:1px solid #adadad;padding:10px;margin-top:20px;font-size:12px;width:570px;line-height:16px">
<tr style="padding:0px;border:0px">
<td style="padding:0px;border:0px">
<img src="https://travis-ci.org/images/mailer/email-footer-travis-logo.png" style="width: 50px; height: 50px;">
</td>
<td style="padding:0px;border:0px;color:#808080;" class="grey">
<a href="https://docs.travis-ci.com" style="text-decoration:underline;color:#606060">Documentation</a> about Travis CI<br>
Need help? Mail <a href="mailto:support@travis-ci.com" style="text-decoration:underline;color:#606060">support</a>!<br>
Choose who receives these build notification emails in your <a href="https://docs.travis-ci.com/user/notifications" style="text-decoration:underline;color:#606060">configuration file</a>.
</td>
</tr>
</table>
<div style="padding-top: 10px; width: 570px">
<img id="mascot" src="https://travis-ci.org/images/mailer/travis-mascot.png" width="80" style="float:right;margin-top:10px;margin-right:20px">
<div class="section footnote" style="margin-top:20px;border-radius:5px;border:1px solid #adadad;font-size:12px;padding:10px 20px;width:528px">
<p class="grey" style="color:#808080;margin-top:0px;margin-bottom:5px"><strong style="font-size:14px">Would you like to test your private code?</strong></p>
<p class="grey" style="color:#808080;margin-top:0px;margin-bottom:5px"><a href="https://travis-ci.com?utm_source=build_email_footer&utm_campaign=travis-ci.org&utm_medium=email" style="text-decoration:underline;color:#606060">Travis CI for Private Projects</a> could be your new best friend!</p>
</div>
</div>
</div>
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"action": {
"@type": "ViewAction",
"url": "https://travis-ci.org/openssl/openssl/builds/161730913",
"name": "View Build"
},
"description": "View Build #6129 on Travis CI"
}
</script>
</body>
</html>