author | Caolán McNamara <caolanm@redhat.com> | 2014-04-08 12:17:09 +0100 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2014-04-08 12:19:29 +0100 |
commit | ccd048fa17a206d7ac57d3a888d0181ad2ea1e7c (patch) | |
tree | 7a7dc6355b4c5a2ef10db4e1611794773cac8bd2 /external | |
parent | a3416803959b2eb472d5946cbeb8048582f83123 (diff) |
bump to openssl-1.0.1g
Change-Id: I1e0ee6aa3d136c75309c5c70011da787806efa1f
Diffstat (limited to 'external')
-rw-r--r-- | external/openssl/CVE-2014-0160.patch | 108 | ||||
-rw-r--r-- | external/openssl/UnpackedTarball_openssl.mk | 1 |
2 files changed, 0 insertions, 109 deletions
diff --git a/external/openssl/CVE-2014-0160.patch b/external/openssl/CVE-2014-0160.patch
deleted file mode 100644
index ddf9d9c517ec..000000000000
--- a/external/openssl/CVE-2014-0160.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From: Dr. Stephen Henson <steve@openssl.org>
-Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
-Subject: Add heartbeat extension bounds check.
-X-Git-Tag: OpenSSL_1_0_1g~3
-X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=96db902
-
-Add heartbeat extension bounds check.
-
-A missing bounds check in the handling of the TLS heartbeat extension
-can be used to reveal up to 64k of memory to a connected client or
-server.
-
-Thanks for Neel Mehta of Google Security for discovering this bug and to
-Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
-preparing the fix (CVE-2014-0160)
----
-
-diff --git a/a/ssl/d1_both.c b/ssl/d1_both.c
-index 7a5596a..2e8cf68 100644
---- a/a/ssl/d1_both.c
-+++ a/b/ssl/d1_both.c
-@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
- unsigned int payload;
- unsigned int padding = 16; /* Use minimum padding */
-
-- /* Read type and payload length first */
-- hbtype = *p++;
-- n2s(p, payload);
-- pl = p;
--
- if (s->msg_callback)
- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
- s, s->msg_callback_arg);
-
-+ /* Read type and payload length first */
-+ if (1 + 2 + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard */
-+ hbtype = *p++;
-+ n2s(p, payload);
-+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard per RFC 6520 sec. 4 */
-+ pl = p;
-+
- if (hbtype == TLS1_HB_REQUEST)
- {
- unsigned char *buffer, *bp;
-+ unsigned int write_length = 1 /* heartbeat type */ +
-+ 2 /* heartbeat length */ +
-+ payload + padding;
- int r;
-
-+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
-+ return 0;
-+
- /* Allocate memory for the response, size is 1 byte
- * message type, plus 2 bytes payload length, plus
- * payload, plus padding
- */
-- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
-+ buffer = OPENSSL_malloc(write_length);
- bp = buffer;
-
- /* Enter response type, length and copy payload */
-@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
- /* Random padding */
- RAND_pseudo_bytes(bp, padding);
-
-- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
-+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
-
- if (r >= 0 && s->msg_callback)
- s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-- buffer, 3 + payload + padding,
-+ buffer, write_length,
- s, s->msg_callback_arg);
-
- OPENSSL_free(buffer);
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index b82fada..bddffd9 100644
---- a/a/ssl/t1_lib.c
-+++ a/b/ssl/t1_lib.c
-@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
- unsigned int payload;
- unsigned int padding = 16; /* Use minimum padding */
-
-- /* Read type and payload length first */
-- hbtype = *p++;
-- n2s(p, payload);
-- pl = p;
--
- if (s->msg_callback)
- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
- s, s->msg_callback_arg);
-
-+ /* Read type and payload length first */
-+ if (1 + 2 + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard */
-+ hbtype = *p++;
-+ n2s(p, payload);
-+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard per RFC 6520 sec. 4 */
-+ pl = p;
-+
- if (hbtype == TLS1_HB_REQUEST)
- {
- unsigned char *buffer, *bp;
diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk
index 869a74e11b14..cec09d28f5e9 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -91,7 +91,6 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,openssl,\
 ))
 $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
- external/openssl/CVE-2014-0160.patch \
 $(if $(filter LINUX FREEBSD ANDROID,$(OS)),external/openssl/openssllnx.patch) \
 $(if $(filter WNTGCC,$(OS)$(COM)),external/openssl/opensslmingw.patch) \
 $(if $(filter MSC,$(COM)),external/openssl/opensslwnt.patch) \