8790292 2002-07-30 11:15 +0100 /28 rader/ Ben Laurie <ben@algroup.co.uk>
Sänt av: joel@lysator.liu.se
Importerad: 2002-07-30 16:13 av Brevbäraren
Extern mottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern mottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern mottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23348>
Ärende: OpenSSL patches for other versions
------------------------------------------------------------
From: Ben Laurie <ben@algroup.co.uk>
To: OpenSSL Announce <openssl-announce@openssl.org>,
Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>,
OpenSSL Dev <openssl-dev@openssl.org>, openssl-users@openssl.org
Message-ID: <3D466724.7060809@algroup.co.uk>
Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
<ben@algroup.co.uk> and the remainder by Vincent Danen (email not
supplied).
Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c,
0.9.7-dev.
These patches are known to apply correctly but have not been
thoroughly tested.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
Available for contract work.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
(8790292) /Ben Laurie <ben@algroup.co.uk>/(Ombruten)
Bilaga (text/plain) i text 8790293
Bilaga (text/plain) i text 8790294
Bilaga (text/plain) i text 8790295
Bilaga (text/plain) i text 8790296
Kommentar i text 8791727 av Ademar de Souza Reis Jr. <ademar@conectiva.com.br>
8790293 2002-07-30 11:15 +0100 /374 rader/ Ben Laurie <ben@algroup.co.uk>
Bilagans filnamn: "openssl-0.9.5a-security.patch"
Importerad: 2002-07-30 16:13 av Brevbäraren
Extern mottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern mottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern mottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23349>
Bilaga (text/plain) till text 8790292
Ärende: Bilaga (openssl-0.9.5a-security.patch) till: OpenSSL patches for other versions
------------------------------------------------------------
--- crypto/cryptlib.c.orig Fri Nov 23 13:57:59 2001
+++ crypto/cryptlib.c Fri Jul 26 10:43:56 2002
@@ -491,3 +491,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+
--- crypto/cryptlib.h.orig Tue May 2 06:35:04 2000
+++ crypto/cryptlib.h Fri Jul 26 10:43:56 2002
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
--- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001
+++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002
@@ -407,7 +407,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);
--- crypto/conf/conf.c.orig Sun Jan 30 15:19:51 2000
+++ crypto/conf/conf.c Fri Jul 26 13:17:49 2002
@@ -64,7 +64,7 @@
#include <openssl/conf.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
-
+#include "cryptlib.h"
#include "conf_lcl.h"
static void value_free_hash(CONF_VALUE *a, LHASH *conf);
@@ -123,12 +123,12 @@
{
LHASH *ret=NULL;
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*vv,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
--- crypto/objects/obj_dat.c.orig Mon Sep 4 09:34:35 2000
+++ crypto/objects/obj_dat.c Fri Jul 26 10:43:56 2002
@@ -428,7 +428,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
--- ssl/s2_clnt.c.orig Sat Nov 10 03:43:51 2001
+++ ssl/s2_clnt.c Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -517,6 +518,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -618,6 +620,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -625,6 +628,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -668,6 +672,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -688,6 +693,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -944,6 +950,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
--- ssl/s2_lib.c.orig Tue Dec 26 05:06:47 2000
+++ ssl/s2_lib.c Fri Jul 26 10:52:20 2002
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
-
+
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -463,6 +468,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
--- ssl/s2_srvr.c.orig Mon Jul 9 08:11:04 2001
+++ ssl/s2_srvr.c Fri Jul 26 12:11:39 2002
@@ -63,6 +63,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
s->init_num=0;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -440,6 +448,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -580,6 +589,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -730,6 +740,7 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
if (i < (int)s->s2->conn_id_length-s->init_num)
{
@@ -752,6 +763,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -771,6 +783,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
--- ssl/s3_clnt.c.orig Thu Oct 25 02:18:54 2001
+++ ssl/s3_clnt.c Fri Jul 26 10:56:23 2002
@@ -64,6 +64,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -572,6 +574,14 @@
/* get the session-id */
j= *(p++);
+
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
--- ssl/ssl.h.orig Mon Dec 17 12:24:39 2001
+++ ssl/ssl.h Fri Jul 26 11:36:19 2002
@@ -1423,6 +1423,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1491,6 +1492,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
--- ssl/ssl_asn1.c.orig Thu Jun 1 16:19:19 2000
+++ ssl/ssl_asn1.c Fri Jul 26 11:37:53 2002
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -275,6 +276,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
--- ssl/ssl_err.c.orig Fri Nov 9 18:15:29 2001
+++ ssl/ssl_err.c Fri Jul 26 11:39:21 2002
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
@@ -343,6 +344,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
--- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000
+++ ssl/ssl_sess.c Fri Jul 26 10:43:56 2002
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
--- ssl/s3_srvr.c.orig Thu Oct 25 02:18:56 2001
+++ ssl/s3_srvr.c Fri Jul 26 11:27:08 2002
@@ -122,6 +122,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -942,6 +943,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
(8790293) /Ben Laurie <ben@algroup.co.uk>/(Ombruten)
8790294 2002-07-30 11:15 +0100 /373 rader/ Ben Laurie <ben@algroup.co.uk>
Bilagans filnamn: "openssl-0.9.6b-security.patch"
Importerad: 2002-07-30 16:13 av Brevbäraren
Extern mottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern mottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern mottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23350>
Bilaga (text/plain) till text 8790292
Ärende: Bilaga (openssl-0.9.6b-security.patch) till: OpenSSL patches for other versions
------------------------------------------------------------
--- crypto/cryptlib.c.orig Fri Nov 23 13:57:59 2001
+++ crypto/cryptlib.c Fri Jul 26 10:43:56 2002
@@ -491,3 +491,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+
--- crypto/cryptlib.h.orig Tue May 2 06:35:04 2000
+++ crypto/cryptlib.h Fri Jul 26 10:43:56 2002
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
--- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001
+++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002
@@ -407,7 +407,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);
--- crypto/conf/conf_def.c.orig Tue Jun 6 09:21:12 2000
+++ crypto/conf/conf_def.c Fri Jul 26 10:43:56 2002
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@
static int def_load(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
--- crypto/objects/obj_dat.c.orig Mon Sep 4 09:34:35 2000
+++ crypto/objects/obj_dat.c Fri Jul 26 10:43:56 2002
@@ -428,7 +428,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
--- ssl/s2_clnt.c.orig Sat Nov 10 03:43:51 2001
+++ ssl/s2_clnt.c Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -517,6 +518,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -618,6 +620,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -625,6 +628,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -668,6 +672,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -688,6 +693,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -944,6 +950,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
--- ssl/s2_lib.c.orig Tue Dec 26 05:06:47 2000
+++ ssl/s2_lib.c Fri Jul 26 10:52:20 2002
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
-
+
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -463,6 +468,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
--- ssl/s2_srvr.c.orig Mon Jul 9 08:11:04 2001
+++ ssl/s2_srvr.c Fri Jul 26 12:11:39 2002
@@ -63,6 +63,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
s->init_num=0;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -440,6 +448,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -580,6 +589,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -730,6 +740,7 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
if (i < (int)s->s2->conn_id_length-s->init_num)
{
@@ -752,6 +763,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -771,6 +783,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
--- ssl/s3_clnt.c.orig Thu Oct 25 02:18:54 2001
+++ ssl/s3_clnt.c Fri Jul 26 10:56:23 2002
@@ -64,6 +64,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -572,6 +574,14 @@
/* get the session-id */
j= *(p++);
+
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
--- ssl/ssl.h.orig Mon Dec 17 12:24:39 2001
+++ ssl/ssl.h Fri Jul 26 11:36:19 2002
@@ -1423,6 +1423,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1491,6 +1492,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
--- ssl/ssl_asn1.c.orig Thu Jun 1 16:19:19 2000
+++ ssl/ssl_asn1.c Fri Jul 26 11:37:53 2002
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -275,6 +276,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
--- ssl/ssl_err.c.orig Fri Nov 9 18:15:29 2001
+++ ssl/ssl_err.c Fri Jul 26 11:39:21 2002
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
@@ -343,6 +344,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
--- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000
+++ ssl/ssl_sess.c Fri Jul 26 10:43:56 2002
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
--- ssl/s3_srvr.c.orig Thu Oct 25 02:18:56 2001
+++ ssl/s3_srvr.c Fri Jul 26 11:27:08 2002
@@ -122,6 +122,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -942,6 +943,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
(8790294) /Ben Laurie <ben@algroup.co.uk>/(Ombruten)
8790295 2002-07-30 11:15 +0100 /372 rader/ Ben Laurie <ben@algroup.co.uk>
Bilagans filnamn: "openssl-0.9.6c-security.patch"
Importerad: 2002-07-30 16:13 av Brevbäraren
Extern mottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern mottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern mottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23351>
Bilaga (text/plain) till text 8790292
Ärende: Bilaga (openssl-0.9.6c-security.patch) till: OpenSSL patches for other versions
------------------------------------------------------------
--- crypto/cryptlib.c.orig Fri Nov 23 13:57:59 2001
+++ crypto/cryptlib.c Fri Jul 26 10:43:56 2002
@@ -491,3 +491,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+
--- crypto/cryptlib.h.orig Tue May 2 06:35:04 2000
+++ crypto/cryptlib.h Fri Jul 26 10:43:56 2002
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
--- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001
+++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002
@@ -407,7 +407,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);
--- crypto/conf/conf_def.c.orig Tue Jun 6 09:21:12 2000
+++ crypto/conf/conf_def.c Fri Jul 26 10:43:56 2002
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@
static int def_load(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
--- crypto/objects/obj_dat.c.orig Mon Sep 4 09:34:35 2000
+++ crypto/objects/obj_dat.c Fri Jul 26 10:43:56 2002
@@ -428,7 +428,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
--- ssl/s2_clnt.c.orig Sat Nov 10 03:43:51 2001
+++ ssl/s2_clnt.c Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -517,6 +518,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -618,6 +620,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -625,6 +628,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -668,6 +672,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -688,6 +693,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -944,6 +950,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
--- ssl/s2_lib.c.orig Tue Dec 26 05:06:47 2000
+++ ssl/s2_lib.c Fri Jul 26 10:52:20 2002
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
-
+
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -463,6 +468,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
--- ssl/s2_srvr.c.orig Wed Nov 14 14:19:47 2001
+++ ssl/s2_srvr.c Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -502,6 +510,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -649,6 +658,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -800,6 +810,7 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -825,6 +836,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -844,6 +856,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
--- ssl/s3_clnt.c.orig Thu Oct 25 02:18:54 2001
+++ ssl/s3_clnt.c Fri Jul 26 10:56:23 2002
@@ -64,6 +64,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -572,6 +574,14 @@
/* get the session-id */
j= *(p++);
+
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
--- ssl/ssl.h.orig Mon Dec 17 12:24:39 2001
+++ ssl/ssl.h Fri Jul 26 11:36:19 2002
@@ -1423,6 +1423,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1491,6 +1492,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
--- ssl/ssl_asn1.c.orig Thu Jun 1 16:19:19 2000
+++ ssl/ssl_asn1.c Fri Jul 26 11:37:53 2002
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -275,6 +276,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
--- ssl/ssl_err.c.orig Fri Nov 9 18:15:29 2001
+++ ssl/ssl_err.c Fri Jul 26 11:39:21 2002
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
@@ -343,6 +344,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
--- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000
+++ ssl/ssl_sess.c Fri Jul 26 10:43:56 2002
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
--- ssl/s3_srvr.c.orig Thu Oct 25 02:18:56 2001
+++ ssl/s3_srvr.c Fri Jul 26 11:27:08 2002
@@ -122,6 +122,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -942,6 +943,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
(8790295) /Ben Laurie <ben@algroup.co.uk>/(Ombruten)
8790296 2002-07-30 11:15 +0100 /666 rader/ Ben Laurie <ben@algroup.co.uk>
Bilagans filnamn: "openssl-0.9.7-sec.patch"
Importerad: 2002-07-30 16:13 av Brevbäraren
Extern mottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern mottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern mottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23352>
Bilaga (text/plain) till text 8790292
Ärende: Bilaga (openssl-0.9.7-sec.patch) till: OpenSSL patches for other versions
------------------------------------------------------------
Index: CHANGES
===================================================================
RCS file: /e/openssl/cvs/openssl/CHANGES,v
retrieving revision 1.977.2.42
diff -u -r1.977.2.42 CHANGES
--- CHANGES 2002/07/16 09:18:25 1.977.2.42
+++ CHANGES 2002/07/30 09:54:48
@@ -4,6 +4,38 @@
Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
+Changes marked "(CHATS)" were sponsored by the Defense Advanced
+Research Projects Agency (DARPA) and Air Force Research Laboratory,
+Air Force Materiel Command, USAF, under agreement number
+F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer. (CAN-2002-0659)
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers
were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized master key in Kerberos-enabled versions.
+ (CAN-2002-0657)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
*) Add appropriate support for separate platform-dependent build
directories. The recommended way to make a platform-dependent
build directory is the following (tested on Linux), maybe with
@@ -1654,6 +1686,12 @@
[Richard Levitte]
Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Fix cipher selection routines: ciphers without encryption had
no flags
for the cipher strength set and where therefore not handled correctly
Index: crypto/cryptlib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v
retrieving revision 1.32
diff -u -r1.32 cryptlib.c
--- crypto/cryptlib.c 2001/11/24 04:02:42 1.32
+++ crypto/cryptlib.c 2002/07/30 09:54:50
@@ -492,3 +492,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+
Index: crypto/cryptlib.h
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v
retrieving revision 1.10
diff -u -r1.10 cryptlib.h
--- crypto/cryptlib.h 2001/02/22 14:44:54 1.10
+++ crypto/cryptlib.h 2002/07/30 09:54:50
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
Index: crypto/asn1/asn1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
retrieving revision 1.20.2.1
diff -u -r1.20.2.1 asn1_lib.c
--- crypto/asn1/asn1_lib.c 2002/06/13 17:38:46 1.20.2.1
+++ crypto/asn1/asn1_lib.c 2002/07/30 09:54:51
@@ -124,15 +124,13 @@
(int)(omax+ *pp));
#endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
err:
@@ -159,6 +157,8 @@
i= *p&0x7f;
if (*(p++) & 0x80)
{
+ if (i > sizeof(long))
+ return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -170,6 +170,8 @@
else
ret=i;
}
+ if (ret < 0)
+ return 0;
*pp=p;
*rl=ret;
return(1);
@@ -407,7 +409,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);
Index: crypto/conf/conf_def.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v
retrieving revision 1.12
diff -u -r1.12 conf_def.c
--- crypto/conf/conf_def.c 2002/01/24 16:15:17 1.12
+++ crypto/conf/conf_def.c 2002/07/30 09:54:51
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
Index: crypto/conf/conf_mod.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_mod.c,v
retrieving revision 1.8.2.6
diff -u -r1.8.2.6 conf_mod.c
--- crypto/conf/conf_mod.c 2002/05/08 15:13:24 1.8.2.6
+++ crypto/conf/conf_mod.c 2002/07/30 09:54:52
@@ -230,7 +230,7 @@
{
if (!(flags & CONF_MFLAGS_SILENT))
{
- char rcode[10];
+ char rcode[DECIMAL_SIZE(ret)+1];
CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
sprintf(rcode, "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
Index: crypto/engine/hw_cswift.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/engine/hw_cswift.c,v
retrieving revision 1.17.2.1
diff -u -r1.17.2.1 hw_cswift.c
--- crypto/engine/hw_cswift.c 2002/06/21 02:48:52 1.17.2.1
+++ crypto/engine/hw_cswift.c 2002/07/30 09:54:53
@@ -501,7 +501,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -518,7 +518,7 @@
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
&res, 1)) != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -608,7 +608,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -625,7 +625,7 @@
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
&res, 1)) != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -740,7 +740,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -758,7 +758,7 @@
&res, 1);
if(sw_status != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -852,7 +852,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -874,7 +874,7 @@
&res, 1);
if(sw_status != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
Index: crypto/objects/obj_dat.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,v
retrieving revision 1.23.2.3
diff -u -r1.23.2.3 obj_dat.c
--- crypto/objects/obj_dat.c 2002/05/30 16:49:44 1.23.2.3
+++ crypto/objects/obj_dat.c 2002/07/30 09:54:53
@@ -436,7 +436,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
Index: ssl/s2_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v
retrieving revision 1.37
diff -u -r1.37 s2_clnt.c
--- ssl/s2_clnt.c 2002/01/12 15:56:10 1.37
+++ ssl/s2_clnt.c 2002/07/30 09:55:01
@@ -116,6 +116,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -535,6 +536,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -636,6 +638,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -643,6 +646,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -686,6 +690,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -706,6 +711,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -978,6 +984,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
Index: ssl/s2_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,v
retrieving revision 1.39.2.1
diff -u -r1.39.2.1 s2_lib.c
--- ssl/s2_lib.c 2002/07/10 06:40:18 1.39.2.1
+++ ssl/s2_lib.c 2002/07/30 09:55:01
@@ -63,6 +63,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -428,10 +429,14 @@
#endif
EVP_MD_CTX_init(&ctx);
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
@@ -467,6 +472,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
Index: ssl/s2_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v
retrieving revision 1.36
diff -u -r1.36 s2_srvr.c
--- ssl/s2_srvr.c 2002/01/12 15:56:11 1.36
+++ ssl/s2_srvr.c 2002/07/30 09:55:02
@@ -116,6 +116,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -504,6 +512,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -670,6 +679,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -826,6 +836,7 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -853,6 +864,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -872,6 +884,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.53.2.2
diff -u -r1.53.2.2 s3_clnt.c
--- ssl/s3_clnt.c 2002/07/10 06:57:48 1.53.2.2
+++ ssl/s3_clnt.c 2002/07/30 09:55:03
@@ -117,6 +117,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -545,6 +546,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -626,6 +628,14 @@
/* get the session-id */
j= *(p++);
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
+
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
/* SSLref returns 16 :-( */
@@ -1588,6 +1598,7 @@
SSL_MAX_MASTER_KEY_LENGTH);
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl;
+ die(outl <= sizeof epms);
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
/* KerberosWrapper.EncryptedPreMasterSecret */
Index: ssl/s3_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.85.2.5
diff -u -r1.85.2.5 s3_srvr.c
--- ssl/s3_srvr.c 2002/07/10 06:57:50 1.85.2.5
+++ ssl/s3_srvr.c 2002/07/30 09:55:04
@@ -123,6 +123,7 @@
#include <openssl/x509.h>
#include <openssl/krb5_asn.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -964,6 +965,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
@@ -1559,8 +1561,8 @@
EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_IV_LENGTH + 1];
- int padl, outl = sizeof(pms);
+ + EVP_MAX_BLOCK_LENGTH];
+ int padl, outl;
krb5_timestamp authtime = 0;
krb5_ticket_times ttimes;
@@ -1582,6 +1584,16 @@
enc_pms.length = i;
enc_pms.data = (char *)p;
p+=enc_pms.length;
+
+ /* Note that the length is checked again below,
+ ** after decryption
+ */
+ if(enc.pms_length > sizeof pms)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
if (n != enc_ticket.length + authenticator.length +
enc_pms.length + 6)
Index: ssl/ssl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
retrieving revision 1.126.2.7
diff -u -r1.126.2.7 ssl.h
--- ssl/ssl.h 2002/07/04 08:50:31 1.126.2.7
+++ ssl/ssl.h 2002/07/30 09:55:05
@@ -1650,6 +1650,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_KRB5 1104
#define SSL_R_KRB5_C_CC_PRINC 1094
#define SSL_R_KRB5_C_GET_CRED 1095
@@ -1729,6 +1730,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
Index: ssl/ssl_asn1.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,v
retrieving revision 1.9.2.2
diff -u -r1.9.2.2 ssl_asn1.c
--- ssl/ssl_asn1.c 2002/07/10 06:57:51 1.9.2.2
+++ ssl/ssl_asn1.c 2002/07/30 09:55:05
@@ -62,6 +62,7 @@
#include <openssl/asn1_mac.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -296,6 +297,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
Index: ssl/ssl_err.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
retrieving revision 1.41
diff -u -r1.41 ssl_err.c
--- ssl/ssl_err.c 2001/11/10 01:16:28 1.41
+++ ssl/ssl_err.c 2002/07/30 09:55:06
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_KRB5 ,"krb5"},
{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"},
{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"},
@@ -354,6 +355,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
Index: ssl/ssl_sess.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.40
diff -u -r1.40 ssl_sess.c
--- ssl/ssl_sess.c 2002/02/10 12:46:41 1.40
+++ ssl/ssl_sess.c 2002/07/30 09:55:06
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -250,6 +251,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
(8790296) /Ben Laurie <ben@algroup.co.uk>/(Ombruten)
8791727 2002-07-30 14:42 -0300 /39 rader/ Ademar de Souza Reis Jr. <ademar@conectiva.com.br>
Sänt av: joel@lysator.liu.se
Importerad: 2002-07-30 21:35 av Brevbäraren
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern kopiemottagare: Ben Laurie <ben@algroup.co.uk>
Extern kopiemottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern kopiemottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern kopiemottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23365>
Kommentar till text 8790292 av Ben Laurie <ben@algroup.co.uk>
Ärende: Re: OpenSSL patches for other versions
------------------------------------------------------------
From: "Ademar de Souza Reis Jr." <ademar@conectiva.com.br>
To: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Cc: Ben Laurie <ben@algroup.co.uk>,
OpenSSL Announce <openssl-announce@openssl.org>,
OpenSSL Dev <openssl-dev@openssl.org>, openssl-users@openssl.org
Message-ID: <20020730174212.GA3214@conectiva.com.br>
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
> Enclosed are patches for today's OpenSSL security alert which apply to
> other versions. The patch for 0.9.7 is supplied by Ben Laurie
> <ben@algroup.co.uk> and the remainder by Vincent Danen (email not
> supplied).
>
> Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.
>
> These patches are known to apply correctly but have not been
> thoroughly tested.
Hello.
While checking the patches you sent I noticed that in the ones for
openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in
crypto/asn1/asn1_lib.c).
So I backported the fixes based on 0.9.7-dev and in a patch for
0.9.6d sent by Ben Laurie to openssl-team@openssl.org on July27
(subject: Final version?).
Patches for 0.9.5a, 0.9.6a and 0.9.6b including fix for ASN.1 vulns
attached. They're not well tested yet - after sucessful compilation.
Cheers.
- Ademar
--
Ademar de Souza Reis Jr. <ademar@conectiva.com.br>
^[:wq!
(8791727) /Ademar de Souza Reis Jr. <ademar@conectiva.com.br>/(Ombruten)
Bilaga (text/plain) i text 8791728
Bilaga (text/plain) i text 8791729
Bilaga (text/plain) i text 8791730
8791728 2002-07-30 14:42 -0300 /486 rader/ Ademar de Souza Reis Jr. <ademar@conectiva.com.br>
Importerad: 2002-07-30 21:35 av Brevbäraren
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern kopiemottagare: Ben Laurie <ben@algroup.co.uk>
Extern kopiemottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern kopiemottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern kopiemottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23366>
Bilaga (text/plain) till text 8791727
Ärende: Bilaga till: Re: OpenSSL patches for other versions
------------------------------------------------------------
diff -ur openssl-0.9.5a-orig/CHANGES openssl-0.9.5a/CHANGES
--- openssl-0.9.5a-orig/CHANGES Sat Apr 1 08:16:39 2000
+++ openssl-0.9.5a/CHANGES Tue Jul 30 11:16:28 2002
@@ -2,6 +2,34 @@
OpenSSL CHANGES
_______________
+ Changes in security patch
+
+ Research Projects Agency (DARPA) and Air Force Research Laboratory,
+ Air Force Materiel Command, USAF, under agreement number
+ F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers
were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
*) Make sure _lrotl and _lrotr are only used with MSVC.
@@ -2852,4 +2880,3 @@
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop@spyglass.com>]
- diff -ur openssl-0.9.5a-orig/crypto/asn1/asn1_lib.c
openssl-0.9.5a/crypto/asn1/asn1_lib.c
--- openssl-0.9.5a-orig/crypto/asn1/asn1_lib.c Wed Feb 16 21:15:56
2000
+++ openssl-0.9.5a/crypto/asn1/asn1_lib.c Tue Jul 30 11:15:20 2002
@@ -124,15 +124,13 @@
(int)(omax+ *pp));
#endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
err:
@@ -159,6 +157,8 @@
i= *p&0x7f;
if (*(p++) & 0x80)
{
+ if (i > sizeof(long))
+ return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -170,6 +170,8 @@
else
ret=i;
}
+ if (ret < 0)
+ return 0;
*pp=p;
*rl=ret;
return(1);
@@ -404,7 +406,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset); diff -ur
openssl-0.9.5a-orig/crypto/conf/conf.c
openssl-0.9.5a/crypto/conf/conf.c
--- openssl-0.9.5a-orig/crypto/conf/conf.c Sun Jan 30 20:19:51
2000
+++ openssl-0.9.5a/crypto/conf/conf.c Tue Jul 30 11:21:35 2002
@@ -64,7 +64,7 @@
#include <openssl/conf.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
-
+#include "cryptlib.h"
#include "conf_lcl.h"
static void value_free_hash(CONF_VALUE *a, LHASH *conf);
@@ -123,12 +123,12 @@
{
LHASH *ret=NULL;
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*vv,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf; diff -ur
openssl-0.9.5a-orig/crypto/cryptlib.c openssl-0.9.5a/crypto/cryptlib.c
--- openssl-0.9.5a-orig/crypto/cryptlib.c Sun Dec 19 19:35:23
1999
+++ openssl-0.9.5a/crypto/cryptlib.c Tue Jul 30 11:15:20 2002
@@ -300,3 +300,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+ diff -ur openssl-0.9.5a-orig/crypto/cryptlib.h
openssl-0.9.5a/crypto/cryptlib.h
--- openssl-0.9.5a-orig/crypto/cryptlib.h Fri May 21 08:16:12
1999
+++ openssl-0.9.5a/crypto/cryptlib.h Tue Jul 30 11:15:20 2002
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
diff -ur openssl-0.9.5a-orig/crypto/objects/obj_dat.c openssl-0.9.5a/crypto/objects/obj_dat.c
--- openssl-0.9.5a-orig/crypto/objects/obj_dat.c Sun Jan 30
21:33:16 2000
+++ openssl-0.9.5a/crypto/objects/obj_dat.c Tue Jul 30 11:15:20 2002
@@ -420,7 +420,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
diff -ur openssl-0.9.5a-orig/include/openssl/ssl.h
openssl-0.9.5a/include/openssl/ssl.h
--- openssl-0.9.5a-orig/include/openssl/ssl.h Thu Mar 16 16:47:31
2000
+++ openssl-0.9.5a/include/openssl/ssl.h Tue Jul 30 11:15:20 2002
@@ -1385,6 +1385,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1451,6 +1452,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff -ur openssl-0.9.5a-orig/ssl/s2_clnt.c openssl-0.9.5a/ssl/s2_clnt.c
--- openssl-0.9.5a-orig/ssl/s2_clnt.c Thu Feb 3 21:23:22 2000
+++ openssl-0.9.5a/ssl/s2_clnt.c Tue Jul 30 11:15:20 2002
@@ -63,6 +63,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -458,6 +459,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -559,6 +561,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -566,6 +569,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -609,6 +613,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -629,6 +634,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -878,6 +884,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
diff -ur openssl-0.9.5a-orig/ssl/s2_lib.c openssl-0.9.5a/ssl/s2_lib.c
--- openssl-0.9.5a-orig/ssl/s2_lib.c Sun Feb 20 21:42:59 2000
+++ openssl-0.9.5a/ssl/s2_lib.c Tue Jul 30 11:15:20 2002
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -419,10 +420,14 @@
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -457,6 +462,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
diff -ur openssl-0.9.5a-orig/ssl/s2_srvr.c
openssl-0.9.5a/ssl/s2_srvr.c
--- openssl-0.9.5a-orig/ssl/s2_srvr.c Sun Feb 20 21:04:02 2000
+++ openssl-0.9.5a/ssl/s2_srvr.c Tue Jul 30 11:15:20 2002
@@ -63,6 +63,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
s->init_num=0;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -439,6 +447,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -579,6 +588,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -729,7 +739,8 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
- i=ssl2_read(s,(char
*)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ i = ssl2_read(s, (char *) &(p[s->init_num]), s->s2->conn_id_length - s->init_num);
if (i < (int)s->s2->conn_id_length-s->init_num)
{
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
@@ -751,6 +762,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -770,6 +782,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
diff -ur openssl-0.9.5a-orig/ssl/s3_clnt.c openssl-0.9.5a/ssl/s3_clnt.c
--- openssl-0.9.5a-orig/ssl/s3_clnt.c Mon Mar 27 18:28:27 2000
+++ openssl-0.9.5a/ssl/s3_clnt.c Tue Jul 30 11:15:20 2002
@@ -64,6 +64,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -487,6 +488,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -567,6 +569,14 @@
/* get the session-id */
j= *(p++);
+
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
diff -ur openssl-0.9.5a-orig/ssl/s3_srvr.c openssl-0.9.5a/ssl/s3_srvr.c
--- openssl-0.9.5a-orig/ssl/s3_srvr.c Mon Mar 27 18:28:28 2000
+++ openssl-0.9.5a/ssl/s3_srvr.c Tue Jul 30 11:15:20 2002
@@ -69,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -860,6 +861,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
diff -ur openssl-0.9.5a-orig/ssl/ssl.h openssl-0.9.5a/ssl/ssl.h
--- openssl-0.9.5a-orig/ssl/ssl.h Thu Mar 16 16:47:31 2000
+++ openssl-0.9.5a/ssl/ssl.h Tue Jul 30 11:15:20 2002
@@ -1385,6 +1385,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1451,6 +1452,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff -ur openssl-0.9.5a-orig/ssl/ssl_asn1.c openssl-0.9.5a/ssl/ssl_asn1.c
--- openssl-0.9.5a-orig/ssl/ssl_asn1.c Thu Feb 3 21:23:23 2000
+++ openssl-0.9.5a/ssl/ssl_asn1.c Tue Jul 30 11:15:20 2002
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -275,6 +276,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff -ur
openssl-0.9.5a-orig/ssl/ssl_err.c openssl-0.9.5a/ssl/ssl_err.c
--- openssl-0.9.5a-orig/ssl/ssl_err.c Thu Mar 16 16:47:31 2000
+++ openssl-0.9.5a/ssl/ssl_err.c Tue Jul 30 11:15:20 2002
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -269,6 +269,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
@@ -335,6 +336,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
diff -ur openssl-0.9.5a-orig/ssl/ssl_sess.c openssl-0.9.5a/ssl/ssl_sess.c
--- openssl-0.9.5a-orig/ssl/ssl_sess.c Sun Jan 30 20:20:28 2000
+++ openssl-0.9.5a/ssl/ssl_sess.c Tue Jul 30 11:15:20 2002
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
(8791728) /Ademar de Souza Reis Jr. <ademar@conectiva.com.br>/(Ombruten)
8791729 2002-07-30 14:42 -0300 /485 rader/ Ademar de Souza Reis Jr. <ademar@conectiva.com.br>
Importerad: 2002-07-30 21:35 av Brevbäraren
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern kopiemottagare: Ben Laurie <ben@algroup.co.uk>
Extern kopiemottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern kopiemottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern kopiemottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23367>
Bilaga (text/plain) till text 8791727
Ärende: Bilaga till: Re: OpenSSL patches for other versions
------------------------------------------------------------
diff -ur openssl-0.9.6a-orig/CHANGES openssl-0.9.6a/CHANGES
--- openssl-0.9.6a-orig/CHANGES Thu Apr 5 17:07:47 2001
+++ openssl-0.9.6a/CHANGES Tue Jul 30 10:35:53 2002
@@ -2,6 +2,34 @@
OpenSSL CHANGES
_______________
+Changes in security patch
+
+Research Projects Agency (DARPA) and Air Force Research Laboratory,
+Air Force Materiel Command, USAF, under agreement number
+F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers
were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
*) Fix a couple of memory leaks in PKCS7_dataDecode()
@@ -3809,4 +3837,3 @@
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop@spyglass.com>]
- diff -ur openssl-0.9.6a-orig/crypto/asn1/asn1_lib.c
openssl-0.9.6a/crypto/asn1/asn1_lib.c
--- openssl-0.9.6a-orig/crypto/asn1/asn1_lib.c Thu Apr 5 17:10:04
2001
+++ openssl-0.9.6a/crypto/asn1/asn1_lib.c Tue Jul 30 10:22:47 2002
@@ -124,15 +124,13 @@
(int)(omax+ *pp));
#endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
err:
@@ -159,6 +157,8 @@
i= *p&0x7f;
if (*(p++) & 0x80)
{
+ if (i > sizeof(long))
+ return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -170,6 +170,8 @@
else
ret=i;
}
+ if (ret < 0)
+ return 0;
*pp=p;
*rl=ret;
return(1);
@@ -407,7 +409,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset); diff -ur
openssl-0.9.6a-orig/crypto/conf/conf_def.c
openssl-0.9.6a/crypto/conf/conf_def.c
--- openssl-0.9.6a-orig/crypto/conf/conf_def.c Thu Apr 5 17:11:05
2001
+++ openssl-0.9.6a/crypto/conf/conf_def.c Tue Jul 30 10:22:47 2002
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@
static int def_load(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf; diff -ur
openssl-0.9.6a-orig/crypto/cryptlib.c openssl-0.9.6a/crypto/cryptlib.c
--- openssl-0.9.6a-orig/crypto/cryptlib.c Thu Apr 5 17:09:28
2001
+++ openssl-0.9.6a/crypto/cryptlib.c Tue Jul 30 10:22:47 2002
@@ -488,3 +488,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+ diff -ur openssl-0.9.6a-orig/crypto/cryptlib.h
openssl-0.9.6a/crypto/cryptlib.h
--- openssl-0.9.6a-orig/crypto/cryptlib.h Mon Sep 11 09:42:03
2000
+++ openssl-0.9.6a/crypto/cryptlib.h Tue Jul 30 10:22:47 2002
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
diff -ur openssl-0.9.6a-orig/crypto/objects/obj_dat.c openssl-0.9.6a/crypto/objects/obj_dat.c
--- openssl-0.9.6a-orig/crypto/objects/obj_dat.c Thu Apr 5
17:12:16 2001
+++ openssl-0.9.6a/crypto/objects/obj_dat.c Tue Jul 30 10:22:47 2002
@@ -428,7 +428,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
diff -ur openssl-0.9.6a-orig/include/openssl/ssl.h
openssl-0.9.6a/include/openssl/ssl.h
--- openssl-0.9.6a-orig/include/openssl/ssl.h Thu Apr 5 17:15:00
2001
+++ openssl-0.9.6a/include/openssl/ssl.h Tue Jul 30 10:23:10 2002
@@ -1418,6 +1418,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1485,6 +1486,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff -ur openssl-0.9.6a-orig/ssl/s2_clnt.c openssl-0.9.6a/ssl/s2_clnt.c
--- openssl-0.9.6a-orig/ssl/s2_clnt.c Thu Apr 5 17:14:48 2001
+++ openssl-0.9.6a/ssl/s2_clnt.c Tue Jul 30 10:23:10 2002
@@ -63,6 +63,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -458,6 +459,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -559,6 +561,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -566,6 +569,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -609,6 +613,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -629,6 +634,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -878,6 +884,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
diff -ur openssl-0.9.6a-orig/ssl/s2_lib.c openssl-0.9.6a/ssl/s2_lib.c
--- openssl-0.9.6a-orig/ssl/s2_lib.c Thu Apr 5 17:14:49 2001
+++ openssl-0.9.6a/ssl/s2_lib.c Tue Jul 30 10:23:10 2002
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -463,6 +468,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
diff -ur openssl-0.9.6a-orig/ssl/s2_srvr.c
openssl-0.9.6a/ssl/s2_srvr.c
--- openssl-0.9.6a-orig/ssl/s2_srvr.c Thu Apr 5 17:14:51 2001
+++ openssl-0.9.6a/ssl/s2_srvr.c Tue Jul 30 10:23:10 2002
@@ -63,6 +63,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
s->init_num=0;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -439,6 +447,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -579,6 +588,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -729,7 +739,8 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
- i=ssl2_read(s,(char
*)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ i = ssl2_read(s, (char *) &(p[s->init_num]), s->s2->conn_id_length - s->init_num);
if (i < (int)s->s2->conn_id_length-s->init_num)
{
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
@@ -751,6 +762,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -770,6 +782,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
diff -ur openssl-0.9.6a-orig/ssl/s3_clnt.c openssl-0.9.6a/ssl/s3_clnt.c
--- openssl-0.9.6a-orig/ssl/s3_clnt.c Thu Apr 5 17:14:53 2001
+++ openssl-0.9.6a/ssl/s3_clnt.c Tue Jul 30 10:23:10 2002
@@ -64,6 +64,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -572,6 +574,14 @@
/* get the session-id */
j= *(p++);
+
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
diff -ur openssl-0.9.6a-orig/ssl/s3_srvr.c openssl-0.9.6a/ssl/s3_srvr.c
--- openssl-0.9.6a-orig/ssl/s3_srvr.c Thu Apr 5 17:14:59 2001
+++ openssl-0.9.6a/ssl/s3_srvr.c Tue Jul 30 10:23:10 2002
@@ -69,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -863,6 +864,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
diff -ur openssl-0.9.6a-orig/ssl/ssl.h openssl-0.9.6a/ssl/ssl.h
--- openssl-0.9.6a-orig/ssl/ssl.h Thu Apr 5 17:15:00 2001
+++ openssl-0.9.6a/ssl/ssl.h Tue Jul 30 10:23:10 2002
@@ -1418,6 +1418,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1485,6 +1486,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff -ur openssl-0.9.6a-orig/ssl/ssl_asn1.c openssl-0.9.6a/ssl/ssl_asn1.c
--- openssl-0.9.6a-orig/ssl/ssl_asn1.c Thu Apr 5 17:15:01 2001
+++ openssl-0.9.6a/ssl/ssl_asn1.c Tue Jul 30 10:23:10 2002
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -275,6 +276,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff -ur
openssl-0.9.6a-orig/ssl/ssl_err.c openssl-0.9.6a/ssl/ssl_err.c
--- openssl-0.9.6a-orig/ssl/ssl_err.c Thu Apr 5 17:15:04 2001
+++ openssl-0.9.6a/ssl/ssl_err.c Tue Jul 30 10:23:10 2002
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -273,6 +273,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
@@ -340,6 +341,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
diff -ur openssl-0.9.6a-orig/ssl/ssl_sess.c openssl-0.9.6a/ssl/ssl_sess.c
--- openssl-0.9.6a-orig/ssl/ssl_sess.c Thu Apr 5 17:15:07 2001
+++ openssl-0.9.6a/ssl/ssl_sess.c Tue Jul 30 10:23:10 2002
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
(8791729) /Ademar de Souza Reis Jr. <ademar@conectiva.com.br>/(Ombruten)
8791730 2002-07-30 14:42 -0300 /486 rader/ Ademar de Souza Reis Jr. <ademar@conectiva.com.br>
Importerad: 2002-07-30 21:35 av Brevbäraren
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern kopiemottagare: Ben Laurie <ben@algroup.co.uk>
Extern kopiemottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern kopiemottagare: OpenSSL Dev <openssl-dev@openssl.org>
Extern kopiemottagare: openssl-users@openssl.org
Mottagare: Bugtraq (import) <23368>
Bilaga (text/plain) till text 8791727
Ärende: Bilaga till: Re: OpenSSL patches for other versions
------------------------------------------------------------
diff -ur openssl-0.9.6-orig/CHANGES openssl-0.9.6/CHANGES
--- openssl-0.9.6-orig/CHANGES Sun Sep 24 12:27:35 2000
+++ openssl-0.9.6/CHANGES Tue Jul 30 10:56:07 2002
@@ -2,6 +2,35 @@
OpenSSL CHANGES
_______________
+ Changes in security patch
+
+ Research Projects Agency (DARPA) and Air Force Research Laboratory,
+ Air Force Materiel Command, USAF, under agreement number
+ F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers
were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+
Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
*) In ssl23_get_client_hello, generate an error message when faced
@@ -3524,4 +3553,3 @@
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop@spyglass.com>]
- diff -ur openssl-0.9.6-orig/crypto/asn1/asn1_lib.c
openssl-0.9.6/crypto/asn1/asn1_lib.c
--- openssl-0.9.6-orig/crypto/asn1/asn1_lib.c Mon Sep 11 09:42:05
2000
+++ openssl-0.9.6/crypto/asn1/asn1_lib.c Tue Jul 30 10:54:52 2002
@@ -124,15 +124,13 @@
(int)(omax+ *pp));
#endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
err:
@@ -159,6 +157,8 @@
i= *p&0x7f;
if (*(p++) & 0x80)
{
+ if (i > sizeof(long))
+ return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -170,6 +170,8 @@
else
ret=i;
}
+ if (ret < 0)
+ return 0;
*pp=p;
*rl=ret;
return(1);
@@ -407,7 +409,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset); diff -ur
openssl-0.9.6-orig/crypto/conf/conf_def.c
openssl-0.9.6/crypto/conf/conf_def.c
--- openssl-0.9.6-orig/crypto/conf/conf_def.c Tue Jun 6 12:21:12
2000
+++ openssl-0.9.6/crypto/conf/conf_def.c Tue Jul 30 10:54:52 2002
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@
static int def_load(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf; diff -ur
openssl-0.9.6-orig/crypto/cryptlib.c openssl-0.9.6/crypto/cryptlib.c
--- openssl-0.9.6-orig/crypto/cryptlib.c Mon Sep 11 09:42:02
2000
+++ openssl-0.9.6/crypto/cryptlib.c Tue Jul 30 10:54:52 2002
@@ -488,3 +488,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+ diff -ur openssl-0.9.6-orig/crypto/cryptlib.h
openssl-0.9.6/crypto/cryptlib.h
--- openssl-0.9.6-orig/crypto/cryptlib.h Mon Sep 11 09:42:03
2000
+++ openssl-0.9.6/crypto/cryptlib.h Tue Jul 30 10:54:52 2002
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
diff -ur openssl-0.9.6-orig/crypto/objects/obj_dat.c openssl-0.9.6/crypto/objects/obj_dat.c
--- openssl-0.9.6-orig/crypto/objects/obj_dat.c Mon Sep 11 09:42:32
2000
+++ openssl-0.9.6/crypto/objects/obj_dat.c Tue Jul 30 10:54:52 2002
@@ -428,7 +428,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
diff -ur openssl-0.9.6-orig/include/openssl/ssl.h
openssl-0.9.6/include/openssl/ssl.h
--- openssl-0.9.6-orig/include/openssl/ssl.h Sun Sep 24 12:28:24
2000
+++ openssl-0.9.6/include/openssl/ssl.h Tue Jul 30 10:54:52 2002
@@ -1413,6 +1413,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1480,6 +1481,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff -ur openssl-0.9.6-orig/ssl/s2_clnt.c openssl-0.9.6/ssl/s2_clnt.c
--- openssl-0.9.6-orig/ssl/s2_clnt.c Mon Sep 11 09:42:56 2000
+++ openssl-0.9.6/ssl/s2_clnt.c Tue Jul 30 10:54:52 2002
@@ -63,6 +63,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -458,6 +459,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -559,6 +561,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -566,6 +569,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -609,6 +613,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -629,6 +634,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -878,6 +884,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
diff -ur openssl-0.9.6-orig/ssl/s2_lib.c openssl-0.9.6/ssl/s2_lib.c
--- openssl-0.9.6-orig/ssl/s2_lib.c Mon Sep 11 09:42:56 2000
+++ openssl-0.9.6/ssl/s2_lib.c Tue Jul 30 10:54:52 2002
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -419,10 +420,14 @@
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -457,6 +462,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
diff -ur openssl-0.9.6-orig/ssl/s2_srvr.c openssl-0.9.6/ssl/s2_srvr.c
--- openssl-0.9.6-orig/ssl/s2_srvr.c Mon Sep 11 09:42:56 2000
+++ openssl-0.9.6/ssl/s2_srvr.c Tue Jul 30 10:54:52 2002
@@ -63,6 +63,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
s->init_num=0;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -439,6 +447,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -579,6 +588,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -729,7 +739,8 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
- i=ssl2_read(s,(char
*)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ i = ssl2_read(s, (char *) &(p[s->init_num]), s->s2->conn_id_length - s->init_num);
if (i < (int)s->s2->conn_id_length-s->init_num)
{
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
@@ -751,6 +762,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -770,6 +782,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
diff -ur openssl-0.9.6-orig/ssl/s3_clnt.c openssl-0.9.6/ssl/s3_clnt.c
--- openssl-0.9.6-orig/ssl/s3_clnt.c Mon Sep 11 09:42:56 2000
+++ openssl-0.9.6/ssl/s3_clnt.c Tue Jul 30 10:54:52 2002
@@ -64,6 +64,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -572,6 +574,14 @@
/* get the session-id */
j= *(p++);
+
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
diff -ur openssl-0.9.6-orig/ssl/s3_srvr.c openssl-0.9.6/ssl/s3_srvr.c
--- openssl-0.9.6-orig/ssl/s3_srvr.c Mon Sep 11 09:42:59 2000
+++ openssl-0.9.6/ssl/s3_srvr.c Tue Jul 30 10:54:52 2002
@@ -69,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -863,6 +864,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
diff -ur openssl-0.9.6-orig/ssl/ssl.h openssl-0.9.6/ssl/ssl.h
--- openssl-0.9.6-orig/ssl/ssl.h Sun Sep 24 12:28:24 2000
+++ openssl-0.9.6/ssl/ssl.h Tue Jul 30 10:54:52 2002
@@ -1413,6 +1413,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1480,6 +1481,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff -ur openssl-0.9.6-orig/ssl/ssl_asn1.c openssl-0.9.6/ssl/ssl_asn1.c
--- openssl-0.9.6-orig/ssl/ssl_asn1.c Mon Sep 11 09:43:00 2000
+++ openssl-0.9.6/ssl/ssl_asn1.c Tue Jul 30 10:54:52 2002
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -275,6 +276,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff -ur openssl-0.9.6-orig/ssl/ssl_err.c openssl-0.9.6/ssl/ssl_err.c
--- openssl-0.9.6-orig/ssl/ssl_err.c Sun Sep 24 12:28:24 2000
+++ openssl-0.9.6/ssl/ssl_err.c Tue Jul 30 10:54:52 2002
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -269,6 +269,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
@@ -336,6 +337,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
diff -ur openssl-0.9.6-orig/ssl/ssl_sess.c openssl-0.9.6/ssl/ssl_sess.c
--- openssl-0.9.6-orig/ssl/ssl_sess.c Mon Sep 11 09:43:01 2000
+++ openssl-0.9.6/ssl/ssl_sess.c Tue Jul 30 10:54:52 2002
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
(8791730) /Ademar de Souza Reis Jr. <ademar@conectiva.com.br>/(Ombruten)
8790450 2002-07-30 10:58 +0100 /153 rader/ Ben Laurie <ben@algroup.co.uk>
Sänt av: joel@lysator.liu.se
Importerad: 2002-07-30 16:40 av Brevbäraren
Extern mottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern mottagare: Apache SSL Announce <apache-sslannounce@lists.aldigital.co.uk>
Mottagare: Bugtraq (import) <23356>
Ärende: OpenSSL Security Altert - Remote Buffer Overflows
------------------------------------------------------------
From: Ben Laurie <ben@algroup.co.uk>
To: OpenSSL Announce <openssl-announce@openssl.org>,
Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>,
Apache SSL Announce <apache-sslannounce@lists.aldigital.co.uk>
Message-ID: <3D46633B.80403@algroup.co.uk>
OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is
an official OpenSSL advisory.
Advisory 1
==========
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are
conducting a security review of OpenSSL, under the DARPA program
CHATS.
Vulnerabilities
---------------
All four of these are potentially remotely exploitable.
1. The client master key in SSL2 could be oversized and overrun a
buffer. This vulnerability was also independently discovered by
consultants at Neohapsis (http://www.neohapsis.com/) who have also
demonstrated that the vulerability is exploitable. Exploit code is
NOT available at this time.
2. The session ID supplied to a client in SSL3 could be oversized and
overrun a buffer.
3. The master key supplied to an SSL3 server could be oversized and
overrun a stack-based buffer. This issues only affects OpenSSL
0.9.7 before 0.9.7-beta3 with Kerberos enabled.
4. Various buffers for ASCII representations of integers were too
small on 64 bit platforms.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue
3, and CAN-2002-0655 to issue 4.
In addition various potential buffer overflows not known to be
exploitable have had assertions added to defend against them.
Who is affected?
----------------
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or
current development snapshots of 0.9.7 to provide SSL or TLS is
vulnerable, whether client or server. 0.9.6d servers on 32-bit systems
with SSL 2.0 disabled are not vulnerable.
SSLeay is probably also affected.
Recommendations
---------------
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL
0.9.6e. Recompile all applications using OpenSSL to provide SSL or
TLS.
A patch for 0.9.7 is available from the OpenSSL website
(http://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using
SSL or TLS until the patches are applied. Users of 0.9.7 pre-release
versions with Kerberos enabled will also have to disable Kerberos.
Client should be disabled altogether until the patches are applied.
Known Exploits
--------------
There are no know exploits available for these vulnerabilities. As
noted above, Neohapsis have demonstrated internally that an exploit is
possible, but have not released the exploit code.
References
----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Acknowledgements
----------------
The project leading to this advisory is sponsored by the Defense
Advanced Research Projects Agency (DARPA) and Air Force Research
Laboratory, Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
==========
Vulnerabilities
---------------
The ASN1 parser can be confused by supplying it with certain invalid
encodings.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0659 to this issue.
Who is affected?
----------------
Any OpenSSL program which uses the ASN1 library to parse untrusted
data. This includes all SSL or TLS applications, those using S/MIME
(PKCS#7) or certificate generation routines.
Recommendations
---------------
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile
all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade
to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
Exploits
--------
There are no known exploits for this vulnerability.
References
----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Acknowledgements
----------------
This vulnerability was discovered by Adi Stav <stav@mercury.co.il>
and James Yonan <jim@ntlp.com> independently. The patch is partly
based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
Available for contract work.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
(8790450) /Ben Laurie <ben@algroup.co.uk>/----------
Bilaga (text/plain) i text 8790451
Kommentar i text 8801960 av Scott Gifford <sgifford@suspectclass.com>
8790451 2002-07-30 10:58 +0100 /519 rader/ Ben Laurie <ben@algroup.co.uk>
Bilagans filnamn: "openssl-0.9.6d-sec.patch"
Importerad: 2002-07-30 16:40 av Brevbäraren
Extern mottagare: OpenSSL Announce <openssl-announce@openssl.org>
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Extern mottagare: Apache SSL Announce <apache-sslannounce@lists.aldigital.co.uk>
Mottagare: Bugtraq (import) <23357>
Bilaga (text/plain) till text 8790450
Ärende: Bilaga (openssl-0.9.6d-sec.patch) till: OpenSSL Security Altert - Remote Buffer Overflows
------------------------------------------------------------
Index: CHANGES
===================================================================
RCS file: /e/openssl/cvs/openssl/CHANGES,v
retrieving revision 1.618.2.158
diff -u -r1.618.2.158 CHANGES
--- CHANGES 2002/05/09 22:40:31 1.618.2.158
+++ CHANGES 2002/07/30 09:14:15
@@ -2,6 +2,35 @@
OpenSSL CHANGES
_______________
+ Changes in security patch
+
+Changes marked "(CHATS)" were sponsored by the Defense Advanced
+Research Projects Agency (DARPA) and Air Force Research Laboratory,
+Air Force Materiel Command, USAF, under agreement number
+F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer. (CAN-2002-0659)
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers
were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
Changes between 0.9.6c and 0.9.6d [9 May 2002]
*) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
Index: crypto/cryptlib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v
retrieving revision 1.20.2.4
diff -u -r1.20.2.4 cryptlib.c
--- crypto/cryptlib.c 2001/11/23 20:57:59 1.20.2.4
+++ crypto/cryptlib.c 2002/07/30 09:14:15
@@ -491,3 +491,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+
Index: crypto/cryptlib.h
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v
retrieving revision 1.8
diff -u -r1.8 cryptlib.h
--- crypto/cryptlib.h 2000/05/02 12:35:04 1.8
+++ crypto/cryptlib.h 2002/07/30 09:14:16
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
Index: crypto/asn1/asn1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
retrieving revision 1.19.2.1
diff -u -r1.19.2.1 asn1_lib.c
--- crypto/asn1/asn1_lib.c 2001/03/30 13:42:32 1.19.2.1
+++ crypto/asn1/asn1_lib.c 2002/07/30 09:14:17
@@ -124,15 +124,13 @@
(int)(omax+ *pp));
#endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
err:
@@ -159,6 +157,8 @@
i= *p&0x7f;
if (*(p++) & 0x80)
{
+ if (i > sizeof(long))
+ return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -170,6 +170,8 @@
else
ret=i;
}
+ if (ret < 0)
+ return 0;
*pp=p;
*rl=ret;
return(1);
@@ -407,7 +409,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char
buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);
Index: crypto/conf/conf_def.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v
retrieving revision 1.3
diff -u -r1.3 conf_def.c
--- crypto/conf/conf_def.c 2000/06/06 15:21:12 1.3
+++ crypto/conf/conf_def.c 2002/07/30 09:14:18
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@
static int def_load(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
Index: crypto/objects/obj_dat.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,v
retrieving revision 1.16.2.2
diff -u -r1.16.2.2 obj_dat.c
--- crypto/objects/obj_dat.c 2002/04/18 11:52:28 1.16.2.2
+++ crypto/objects/obj_dat.c 2002/07/30 09:14:19
@@ -428,7 +428,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
Index: ssl/s2_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v
retrieving revision 1.27.2.4
diff -u -r1.27.2.4 s2_clnt.c
--- ssl/s2_clnt.c 2001/11/10 10:43:51 1.27.2.4
+++ ssl/s2_clnt.c 2002/07/30 09:14:25
@@ -116,6 +116,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -517,6 +518,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -618,6 +620,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -625,6 +628,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -668,6 +672,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -688,6 +693,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -944,6 +950,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
Index: ssl/s2_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,v
retrieving revision 1.29.2.2
diff -u -r1.29.2.2 s2_lib.c
--- ssl/s2_lib.c 2000/12/26 12:06:47 1.29.2.2
+++ ssl/s2_lib.c 2002/07/30 09:14:25
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -463,6 +468,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
Index: ssl/s2_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v
retrieving revision 1.25.2.5
diff -u -r1.25.2.5 s2_srvr.c
--- ssl/s2_srvr.c 2001/11/14 21:19:47 1.25.2.5
+++ ssl/s2_srvr.c 2002/07/30 09:14:26
@@ -116,6 +116,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -502,6 +510,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -649,6 +658,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -800,6 +810,7 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -825,6 +836,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -844,6 +856,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.31.2.6
diff -u -r1.31.2.6 s3_clnt.c
--- ssl/s3_clnt.c 2002/01/14 23:42:35 1.31.2.6
+++ ssl/s3_clnt.c 2002/07/30 09:14:27
@@ -117,6 +117,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -545,6 +546,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -625,6 +627,14 @@
/* get the session-id */
j= *(p++);
+
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
Index: ssl/s3_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.49.2.14
diff -u -r1.49.2.14 s3_srvr.c
--- ssl/s3_srvr.c 2002/04/13 22:49:26 1.49.2.14
+++ ssl/s3_srvr.c 2002/07/30 09:14:28
@@ -122,6 +122,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -948,6 +949,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
Index: ssl/ssl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
retrieving revision 1.85.2.12
diff -u -r1.85.2.12 ssl.h
--- ssl/ssl.h 2002/01/14 23:42:42 1.85.2.12
+++ ssl/ssl.h 2002/07/30 09:14:29
@@ -1478,6 +1478,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1546,6 +1547,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
Index: ssl/ssl_asn1.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,v
retrieving revision 1.8
diff -u -r1.8 ssl_asn1.c
--- ssl/ssl_asn1.c 2000/06/01 22:19:19 1.8
+++ ssl/ssl_asn1.c 2002/07/30 09:14:29
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -275,6 +276,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
Index: ssl/ssl_err.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
retrieving revision 1.28.2.6
diff -u -r1.28.2.6 ssl_err.c
--- ssl/ssl_err.c 2001/11/10 01:15:29 1.28.2.6
+++ ssl/ssl_err.c 2002/07/30 09:14:30
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
@@ -343,6 +344,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
Index: ssl/ssl_sess.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.30.2.2
diff -u -r1.30.2.2 ssl_sess.c
--- ssl/ssl_sess.c 2002/02/10 12:52:57 1.30.2.2
+++ ssl/ssl_sess.c 2002/07/30 09:14:30
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
(8790451) /Ben Laurie <ben@algroup.co.uk>/(Ombruten)
8801960 2002-08-01 02:21 -0400 /46 rader/ Scott Gifford <sgifford@suspectclass.com>
Sänt av: joel@lysator.liu.se
Importerad: 2002-08-02 00:08 av Brevbäraren
Extern mottagare: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Mottagare: Bugtraq (import) <23452>
Kommentar till text 8790450 av Ben Laurie <ben@algroup.co.uk>
Ärende: Re: OpenSSL Security Altert - Remote Buffer Overflows
------------------------------------------------------------
From: Scott Gifford <sgifford@suspectclass.com>
To: "Bugtraq" <BUGTRAQ@SECURITYFOCUS.COM>
Message-ID: <lyd6t314lu.fsf@gfn.org>
"Ben Laurie" <ben@algroup.co.uk> writes:
> OpenSSL Security Advisory [30 July 2002]
>
> This advisory consists of two independent advisories, merged, and is
> an official OpenSSL advisory.
I've done some work on running SSL/TLS code as a separate process in a
chroot jail as an unprivileged user, communicating with the daemon
it's doing encryption for via UNIX domain sockets. This approach
massively mitigates the possible damages from the bugs discovered in
the last day or two.
OpenSSL is good code, but it's over 200,000 lines. It makes sense to
isolate it from the special privileges daemons often have.
The work I've done is with stunnel. See:
http://www.suspectclass.com/~sgifford/stunnel/stunnel-patches.txt
http://www.suspectclass.com/~sgifford/stunnel/stunnel3.22+paranoia0.1-openfd0.1.patch
for the patch to stunnel (and some related patches; I'll be happy to
split out just the paranoia patch if anybody wants it without the
others), and the various README files in:
http://www.suspectclass.com/~sgifford/stunnel-tlsproxy/
for some examples. It currently works fine, has been tested with
several SSL/TLS clients, and has been in production use at a client's
site for about a month.
The stuff that's there right now isn't real user-friendly, but
hopefully these patches or something similar will get incorporated
into stunnel sometime in the near future, and then things will get a
little easier; if there's an interest I can write up some more
documentation.
Please send along any comments, questions, criticisms, etc.
-----ScottG.
(8801960) /Scott Gifford <sgifford@suspectclass.com>/(Ombruten)