[openssl-commits] [openssl] OpenSSL_0_9_8-stable update
Matt Caswell
matt at openssl.org
Thu Dec 3 15:35:28 UTC 2015
The branch OpenSSL_0_9_8-stable has been updated
via 74743418dca737ff584530470c54d1a7061e7e0a (commit)
via c2ef67100cd0ca2321b5f1a437abb93fc7e11e37 (commit)
via 35c8d0d85fe71e41eb990655b249e398c7fd1435 (commit)
via 2cdafc51f008e65b2d5263a80ad0e89e9b56c8d3 (commit)
from e979e4715f3795cb59fcf46c77e7c714a184edd8 (commit)
- Log -----------------------------------------------------------------
commit 74743418dca737ff584530470c54d1a7061e7e0a
Author: Matt Caswell <matt at openssl.org>
Date: Thu Dec 3 15:00:54 2015 +0000
Prepare for 0.9.8zi-dev
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit c2ef67100cd0ca2321b5f1a437abb93fc7e11e37
Author: Matt Caswell <matt at openssl.org>
Date: Thu Dec 3 15:00:17 2015 +0000
Prepare for 0.9.8zh release
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 35c8d0d85fe71e41eb990655b249e398c7fd1435
Author: Matt Caswell <matt at openssl.org>
Date: Tue Dec 1 14:39:47 2015 +0000
Update CHANGES and NEWS
Update the CHANGES and NEWS files for the new release.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 2cdafc51f008e65b2d5263a80ad0e89e9b56c8d3
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Nov 10 19:03:07 2015 +0000
Fix leak with ASN.1 combine.
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.
This can leak memory in any application parsing PKCS#7 or CMS structures.
CVE-2015-3195.
Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.
PR#4131
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 16 +++++++++++++++-
NEWS | 6 +++++-
README | 2 +-
crypto/asn1/tasn_dec.c | 7 +++++--
crypto/opensslv.h | 6 +++---
openssl.spec | 2 +-
6 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/CHANGES b/CHANGES
index ed2f0ec..d3f43af 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,24 @@
OpenSSL CHANGES
_______________
- Changes between 0.9.8zg and 0.9.8zh [xx XXX xxxx]
+ Changes between 0.9.8zh and 0.9.8zi [xx XXX xxxx]
*)
+ Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015]
+
+ *) X509_ATTRIBUTE memory leak
+
+ When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+ memory. This structure is used by the PKCS#7 and CMS routines so any
+ application which reads PKCS#7 or CMS data from untrusted sources is
+ affected. SSL/TLS is not affected.
+
+ This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+ libFuzzer.
+ (CVE-2015-3195)
+ [Stephen Henson]
+
Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
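Review bot: The new 0.9.8zh entry states the impact (a leak on a malformed X509_ATTRIBUTE) but not what was changed, which makes the fix hard to locate for anyone auditing or backporting it. Suggest adding one line saying that the fix is in ASN1_item_ex_d2i in crypto/asn1/tasn_dec.c, which no longer frees the value on error when ASN1_TFLG_COMBINE is set.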
diff --git a/NEWS b/NEWS
index 4ffbbab..f3130d4 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development]
+ Major changes between OpenSSL 0.9.8zh and OpenSSL 0.9.8zi [under development]
o
+ Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [3 Dec 2015]
+
+ o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+
Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
diff --git a/README b/README
index 4827753..52df8f6 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 0.9.8zh-dev
+ OpenSSL 0.9.8zi-dev
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 6e4a325..91e7698 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -178,6 +178,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int otag;
int ret = 0;
ASN1_VALUE **pchptr, *ptmpval;
+ int combine = aclass & ASN1_TFLG_COMBINE;
+ aclass &= ~ASN1_TFLG_COMBINE;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
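Review bot: At the top of ASN1_item_ex_d2i the `aclass` parameter now carries ASN1_TFLG_COMBINE as well as the tag class, and nothing in the hunk documents that overloading. A short comment above `int combine = aclass & ASN1_TFLG_COMBINE;` should say that the bit is a signal from the template decoder and is masked off before `aclass` is used any further. Because this function is also callable from outside the template code, its documentation should state that external callers must not set that bit, since it changes the cleanup done on error.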
@@ -498,7 +500,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
err:
- ASN1_item_ex_free(pval, it);
+ if (combine == 0)
+ ASN1_item_ex_free(pval, it);
if (errtt)
ERR_add_error_data(4, "Field=", errtt->field_name,
", Type=", it->sname);
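Review bot: In the `err:` path, when `combine` is non-zero nothing is freed here, so whatever was already decoded into `*pval` stays allocated until the caller frees the parent structure. That ownership rule deserves a comment next to `if (combine == 0)`: the value belongs to the parent, and freeing or clearing it at this point would lose the parent's other components, which is the leak the commit message describes. The `auxerr:` label falls through to the same code, so the comment should cover both entry points.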
@@ -687,7 +690,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} else {
/* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, 0, opt, ctx);
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
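Review bot: The flag is passed in the argument slot that previously held `0`, which is the `aclass` parameter of ASN1_item_ex_d2i, so this call depends on the callee stripping ASN1_TFLG_COMBINE before using the value. A one-line comment at the call saying the flag is deliberately passed through `aclass` and removed by ASN1_item_ex_d2i would make that contract visible at both ends. It is also worth confirming that this "Nothing special" branch is the only place in asn1_template_noexp_d2i that can decode a combined template, since the other branches of the function are not touched by this patch.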
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 9aadf3e..b81e308 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -26,11 +26,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x00908210L
+# define OPENSSL_VERSION_NUMBER 0x00908220L
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zh-fips-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zi-fips-dev xx XXX xxxx"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zh-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zi-dev xx XXX xxxx"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/openssl.spec b/openssl.spec
index 12e0705..0cbbd62 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -6,7 +6,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 0.9.8zh
+Version: 0.9.8zi
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
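Review bot: `Version:` moves to 0.9.8zi while README and opensslv.h in the same update say 0.9.8zi-dev, so `Source0` now expands to a 0.9.8zi tarball for a version that CHANGES still marks as `[xx XXX xxxx]`, and a package built from this branch state would carry the release version. If that is the established convention during a dev cycle it is fine, otherwise consider leaving the spec at the last released version until the release commit. Separately, `Source0` is an ftp:// URL, so anyone building from this spec should check the downloaded tarball against the published signature or digest.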