[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Dr. Stephen Henson
steve at openssl.org
Wed Sep 21 19:12:12 UTC 2016
The branch OpenSSL_1_0_1-stable has been updated
via bb1a4866034255749ac578adb06a76335fc117b1 (commit)
via 8289755d54e4cf34d502c630613d1dba60e30830 (commit)
via aa388af1e18988894a48b8f64ae994eaa4366d5d (commit)
from 52e623c4cb06fffa9d5e75c60b34b4bc130b12e9 (commit)
- Log -----------------------------------------------------------------
commit bb1a4866034255749ac578adb06a76335fc117b1
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Sep 21 13:26:01 2016 +0100
Make message buffer slightly larger than message.
Grow TLS/DTLS 16 bytes more than strictly necessary as a precaution against
OOB reads. In most cases this will have no effect because the message buffer
will be large enough already.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 006a788c84e541c8920dd2ad85fb62b52185c519)
commit 8289755d54e4cf34d502c630613d1dba60e30830
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Sep 21 12:54:13 2016 +0100
Use SSL3_HM_HEADER_LENGTH instead of 4.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit bc9563f83d28342b5ec0073ec12d9e581e4f3317)
commit aa388af1e18988894a48b8f64ae994eaa4366d5d
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Sep 21 12:57:01 2016 +0100
Remove unnecessary check.
The overflow check will never be triggered because the
the n2l3 result is always less than 2^24.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 709ec8b3848e2ac201b86f49c5561debb8572ccd)
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_both.c | 5 ++++-
ssl/s3_both.c | 35 ++++++++++++++++++++---------------
2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index ae292c4..0cf1e49 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -577,9 +577,12 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
/*
* msg_len is limited to 2^24, but is effectively checked against max
* above
+ *
+ * Make buffer slightly larger than message length as a precaution
+ * against small OOB reads e.g. CVE-2016-6306
*/
if (!BUF_MEM_grow_clean
- (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+ (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH + 16)) {
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
return SSL_AD_INTERNAL_ERROR;
}
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index c51fc6e..d798d83 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -427,21 +427,22 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
}
*ok = 1;
s->state = stn;
- s->init_msg = s->init_buf->data + 4;
+ s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
}
p = (unsigned char *)s->init_buf->data;
- if (s->state == st1) { /* s->init_num < 4 */
+ if (s->state == st1) { /* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message;
do {
- while (s->init_num < 4) {
+ while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[s->init_num],
- 4 - s->init_num, 0);
+ SSL3_HM_HEADER_LENGTH -
+ s->init_num, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
*ok = 0;
@@ -465,12 +466,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, 4, s, s->msg_callback_arg);
+ p, SSL3_HM_HEADER_LENGTH, s,
+ s->msg_callback_arg);
}
}
while (skip_message);
- /* s->init_num == 4 */
+ /* s->init_num == SSL3_HM_HEADER_LENGTH */
if ((mt >= 0) && (*p != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -497,19 +499,20 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
- if (l > (INT_MAX - 4)) { /* BUF_MEM_grow takes an 'int' parameter */
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l + 4)) {
+ /*
+ * Make buffer slightly larger than message length as a precaution
+ * against small OOB reads e.g. CVE-2016-6306
+ */
+ if (l
+ && !BUF_MEM_grow_clean(s->init_buf,
+ (int)l + SSL3_HM_HEADER_LENGTH + 16)) {
SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_size = l;
s->state = stn;
- s->init_msg = s->init_buf->data + 4;
+ s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
s->init_num = 0;
}
@@ -538,10 +541,12 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
#endif
/* Feed this message into MAC computation. */
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
+ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+ s->init_num + SSL3_HM_HEADER_LENGTH);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
- (size_t)s->init_num + 4, s, s->msg_callback_arg);
+ (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+ s->msg_callback_arg);
*ok = 1;
return s->init_num;
f_err:
More information about the openssl-commits
mailing list