summaryrefslogtreecommitdiff
path: root/external/openssl/CVE-2014-3506.patch
diff options
context:
space:
mode:
Diffstat (limited to 'external/openssl/CVE-2014-3506.patch')
-rw-r--r--external/openssl/CVE-2014-3506.patch87
1 files changed, 87 insertions, 0 deletions
diff --git a/external/openssl/CVE-2014-3506.patch b/external/openssl/CVE-2014-3506.patch
new file mode 100644
index 000000000000..45b87dc5f43c
--- /dev/null
+++ b/external/openssl/CVE-2014-3506.patch
@@ -0,0 +1,87 @@
+From fc7804ec392fcf8051abe6bc9da9108744d2ae35 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 6 Jun 2014 14:25:52 -0700
+Subject: [PATCH] Fix DTLS handshake message size checks.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In |dtls1_reassemble_fragment|, the value of
+|msg_hdr->frag_off+frag_len| was being checked against the maximum
+handshake message size, but then |msg_len| bytes were allocated for the
+fragment buffer. This means that so long as the fragment was within the
+allowed size, the pending handshake message could consume 16MB + 2MB
+(for the reassembly bitmap). Approx 10 outstanding handshake messages
+are allowed, meaning that an attacker could consume ~180MB per DTLS
+connection.
+
+In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
+check was applied.
+
+Fixes CVE-2014-3506
+
+Wholly based on patch by Adam Langley with one minor amendment.
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+---
+ ssl/d1_both.c | 29 ++++++++++++++++-------------
+ 1 file changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 6559dfc..b9e15df 100644
+--- a/a/ssl/d1_both.c
++++ b/b/ssl/d1_both.c
+@@ -587,6 +587,16 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
+ return 0;
+ }
+
++/* dtls1_max_handshake_message_len returns the maximum number of bytes
++ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may
++ * be greater if the maximum certificate list size requires it. */
++static unsigned long dtls1_max_handshake_message_len(const SSL *s)
++ {
++ unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
++ if (max_len < (unsigned long)s->max_cert_list)
++ return s->max_cert_list;
++ return max_len;
++ }
+
+ static int
+ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+@@ -595,20 +605,10 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ pitem *item = NULL;
+ int i = -1, is_complete;
+ unsigned char seq64be[8];
+- unsigned long frag_len = msg_hdr->frag_len, max_len;
+-
+- if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
+- goto err;
+-
+- /* Determine maximum allowed message size. Depends on (user set)
+- * maximum certificate length, but 16k is minimum.
+- */
+- if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
+- max_len = s->max_cert_list;
+- else
+- max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
++ unsigned long frag_len = msg_hdr->frag_len;
+
+- if ((msg_hdr->frag_off+frag_len) > max_len)
++ if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len ||
++ msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
+ goto err;
+
+ /* Try to find item in queue */
+@@ -749,6 +749,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ if (frag_len && frag_len < msg_hdr->msg_len)
+ return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
++ if (frag_len > dtls1_max_handshake_message_len(s))
++ goto err;
++
+ frag = dtls1_hm_fragment_new(frag_len, 0);
+ if ( frag == NULL)
+ goto err;
+--
+1.8.3.1
+