> jaltman> Now the choices as I see it are:
> jaltman>
> jaltman> . export the function. which I have done in order to get the
> jaltman> code to compile and link on Windows, or
> jaltman>
> jaltman> . remove the call entirely and instead simply have OpenSSL return
> jaltman> an error to the application as is done with other length checks
> jaltman>
> jaltman> For example, in ssl_sess.c ssl_get_new_session() the error
> jaltman> SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH is returned if tmp >
> jaltman> ss->session_id_length. I don't see why we need to call abort() (via
> jaltman> die()) if s->sid_ctx_length > sizeof ss->sid_ctx.
>
> I believe it was done this way because time was too short to explore
> what cases one should die at and what cases one should not, including
> the ramifications of returning an error instead of using the biggest
> canon available.
>
> The possible threats are serious, and at least in a hopefully short
> amount of time, we will look at those die() statements and deal with
> them in any way that seems appropriate. At this moment, it was more
> important to kill the possible holes quickly and swiftly rather than
> spend time being kind to the applications.
>
> My 2 cents, others may have a different opinion.
That is fine. So the patches are out and already need to be replaced since they do not compile on two major platforms. The primary concern was to get notification out and patches that stop the attacks. That has been done. Arne has mentioned that he is working on alternate patches.

All of the functions in which die() was inserted already return errors when comparing buffer lengths except for:

  s2_clnt.c  client_finished()
  s2_lib.c   ssl2_generate_key_material()
  s2_lib.c   ssl2_write_error()
  s2_srvr.c  server_verify()
  s2_srvr.c  server_finished()

Of these:

  client_finished() is safe to return an error value < 0

  ssl2_generate_key_material() is void and so needs to have its interface
  changed in order to return an error. It is only called from
  ssl2_enc_init(). ssl2_enc_init() already returns error conditions.

  ssl2_write_error() is void. It is called from ssl2_return_error() which
  is also void and from ssl2_write() which is already returning errors to
  the caller. ssl2_return_error() is always called from locations that are
  already in the process of returning errors to the caller.

  server_verify() is safe to return an error value < 0

  server_finish() is safe to return an error value < 0

So it seems that we should be able to safely return errors from all of them with minor interface changes to two functions. (void -> int)

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
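To illustrate the two changes the message proposes (a length check that reports an error to the caller instead of calling die()/abort(), and a void helper turned into an int-returning one so its caller can propagate failure), here is an added example that is not OpenSSL source; the struct, function names, the SID_CTX_MAX size and the ERR_BAD_LENGTH code are all constructed stand-ins.

```c
/* Added illustration, not OpenSSL code: length checks that return errors
 * rather than aborting the process. Names and sizes are constructed. */
#include <stddef.h>
#include <string.h>

#define SID_CTX_MAX 32           /* assumed size of the sid_ctx buffer */
#define ERR_BAD_LENGTH (-2)      /* stand-in for an SSL_R_* bad-length error */

struct session {
    unsigned char sid_ctx[SID_CTX_MAX];
    unsigned int sid_ctx_length;
};

/* Where the quick patch would call die(), validate and return an error.
 * The bounds check happens before any byte is copied. */
int set_sid_ctx(struct session *ss, const unsigned char *ctx, unsigned int len)
{
    if (ss == NULL || (len > 0 && ctx == NULL))
        return ERR_BAD_LENGTH;
    if (len > sizeof(ss->sid_ctx))      /* the check that previously aborted */
        return ERR_BAD_LENGTH;
    memcpy(ss->sid_ctx, ctx, len);
    ss->sid_ctx_length = len;
    return 1;
}

/* A formerly void helper changed to int (the "void -> int" interface change)
 * so that an oversized request becomes an error instead of an overflow. */
int fill_key_material(unsigned char *km, size_t km_len, size_t needed)
{
    if (needed > km_len)
        return ERR_BAD_LENGTH;
    memset(km, 0x5a, needed);           /* constructed stand-in for derivation */
    return 1;
}

/* Caller (stand-in for an enc_init-style function that already returns
 * error conditions): it now checks the helper's result and forwards it. */
int enc_init(unsigned char *km, size_t km_len, size_t needed)
{
    int rc = fill_key_material(km, km_len, needed);
    if (rc <= 0)
        return rc;                      /* previously unreachable: helper aborted */
    return 1;
}
```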