On Tue, Apr 8, 2014 at 4:47 AM, Stijn Tintel <st...@linux-ipv6.be> wrote: > This patch, taken from upstream commit > 96db9023b881d7cd9f379b0c154650d6c108e9a3, fixes the Heartbleed bug > (CVE-2014-0160).
IMHO it would make sense to update to 1.0.1g instead. At least I've done that in my local tree ... Helmut > Signed-off-by: Stijn Tintel <st...@linux-ipv6.be> > --- > package/openssl/Makefile | 2 +- > package/openssl/patches/210-CVE-2014-0160.patch | 87 > +++++++++++++++++++++++++ > 2 files changed, 88 insertions(+), 1 deletion(-) > create mode 100644 package/openssl/patches/210-CVE-2014-0160.patch > > diff --git a/package/openssl/Makefile b/package/openssl/Makefile > index fa08774..fc3d1cf 100644 > --- a/package/openssl/Makefile > +++ b/package/openssl/Makefile > @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=openssl > PKG_VERSION:=1.0.1e > -PKG_RELEASE:=1 > +PKG_RELEASE:=2 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz > PKG_SOURCE_URL:=http://www.openssl.org/source/ \ > diff --git a/package/openssl/patches/210-CVE-2014-0160.patch > b/package/openssl/patches/210-CVE-2014-0160.patch > new file mode 100644 > index 0000000..245de18 > --- /dev/null > +++ b/package/openssl/patches/210-CVE-2014-0160.patch > @@ -0,0 +1,87 @@ > +--- a/ssl/d1_both.c > ++++ b/ssl/d1_both.c > +@@ -1452,26 +1452,36 @@ dtls1_process_heartbeat(SSL *s) > + unsigned int payload; > + unsigned int padding = 16; /* Use minimum padding */ > + > +- /* Read type and payload length first */ > +- hbtype = *p++; > +- n2s(p, payload); > +- pl = p; > +- > + if (s->msg_callback) > + s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, > + &s->s3->rrec.data[0], s->s3->rrec.length, > + s, s->msg_callback_arg); > + > ++ /* Read type and payload length first */ > ++ if (1 + 2 + 16 > s->s3->rrec.length) > ++ return 0; /* silently discard */ > ++ hbtype = *p++; > ++ n2s(p, payload); > ++ if (1 + 2 + payload + 16 > s->s3->rrec.length) > ++ return 0; /* silently discard per RFC 6520 sec. 4 */ > ++ pl = p; > ++ > + if (hbtype == TLS1_HB_REQUEST) > + { > + unsigned char *buffer, *bp; > ++ unsigned int write_length = 1 /* heartbeat type */ + > ++ 2 /* heartbeat length */ + > ++ payload + padding; > + int r; > + > ++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) > ++ return 0; > ++ > + /* Allocate memory for the response, size is 1 byte > + * message type, plus 2 bytes payload length, plus > + * payload, plus padding > + */ > +- buffer = OPENSSL_malloc(1 + 2 + payload + padding); > ++ buffer = OPENSSL_malloc(write_length); > + bp = buffer; > + > + /* Enter response type, length and copy payload */ > +@@ -1482,11 +1492,11 @@ dtls1_process_heartbeat(SSL *s) > + /* Random padding */ > + RAND_pseudo_bytes(bp, padding); > + > +- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + > payload + padding); > ++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, > write_length); > + > + if (r >= 0 && s->msg_callback) > + s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, > +- buffer, 3 + payload + padding, > ++ buffer, write_length, > + s, s->msg_callback_arg); > + > + OPENSSL_free(buffer); > +--- a/ssl/t1_lib.c > ++++ b/ssl/t1_lib.c > +@@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s) > + unsigned int payload; > + unsigned int padding = 16; /* Use minimum padding */ > + > +- /* Read type and payload length first */ > +- hbtype = *p++; > +- n2s(p, payload); > +- pl = p; > +- > + if (s->msg_callback) > + s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, > + &s->s3->rrec.data[0], s->s3->rrec.length, > + s, s->msg_callback_arg); > + > ++ /* Read type and payload length first */ > ++ if (1 + 2 + 16 > s->s3->rrec.length) > ++ return 0; /* silently discard */ > ++ hbtype = *p++; > ++ n2s(p, payload); > ++ if (1 + 2 + payload + 16 > s->s3->rrec.length) > ++ return 0; /* silently discard per RFC 6520 sec. 4 */ > ++ pl = p; > ++ > + if (hbtype == TLS1_HB_REQUEST) > + { > + unsigned char *buffer, *bp; > -- > 1.8.3.2 > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
