Re: Bug#801413: wheezy: update for polarssl's CVE-2015-5291
On Feb/06, Guido Günther wrote:
> > A few things on the debdiff you just posted:
> >  - The attachment came through in ISO-8859-1 instead of UTF-8 and
> >    lintian didn't like it. Hopefully the file is ok on your machine
> >    though.
> >  - I think the ssl-server-test needs an 'isolation-container'
> >    restriction since it opens TCP ports.

Hi Guido,

can I get the updated debdiff ? I'm about to review it.

Cheers,

--Seb
Re: Bug#801413: wheezy: update for polarssl's CVE-2015-5291
Hi,
On Fri, Feb 05, 2016 at 08:44:37PM +, James Cowgill wrote:
> Hi!
>
> On Fri, 2016-02-05 at 14:24 +0100, Guido Günther wrote:
> > Hi,
> > On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> > > On Jan/31, Guido Günther wrote:
> > > > Uploaded now. Thanks!
> > >
> > > Hi Guido,
> > >
> > > have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
> > > not, I'll need to look into it later this week, so that a DSA for
> > > CVE-2015-5291 fixes both wheezy and jessie.
> >
> > Debdiff attached. It's far more intrusive since we also have to deal
> > with CVE-2015-8036.
> >
> > James you already discussed the best way forward at
> >
> >     https://tls.mbed.org/discussions/bug-report-issues/question-about-cve-2015-5291
> >
> > with upstream so I'm very interested in your opinion on this as well.
>
> Upstream would obviously like Debian to use the point releases of
> polarssl, but they broke the ABI in the 1.3 series since 1.3.9 so we
> can't use them directly. I had a go at reverting the ABI breaking
> changes and I posted my attempt earlier to this bug report, but the
> changes I had to make were very intrusive and they'll probably have to
> be fixed up again every time there is a new release.

From what I read and figured from the Git commits I wonder if we should
open CVEs for the other fixes in 1.3.14 too?

> I'm beginning to feel like cherry picking the CVE related fixes (like
> you've done) is probably the best solution, especially since this has
> already taken some time to fix.

Yeah, I think we should go ahead and fix these and rather revisit the
problem in case we have more issues to fix.

> A few things on the debdiff you just posted:
>  - The attachment came through in ISO-8859-1 instead of UTF-8 and
>    lintian didn't like it. Hopefully the file is ok on your machine
>    though.
>  - I think the ssl-server-test needs an 'isolation-container'
>    restriction since it opens TCP ports.

Good point, isolation-container restriction added.

Cheers,
 -- Guido
Re: Bug#801413: wheezy: update for polarssl's CVE-2015-5291
Hi!

On Fri, 2016-02-05 at 14:24 +0100, Guido Günther wrote:
> Hi,
> On Mon, Feb 01, 2016 at 09:51:54AM +0100, Sébastien Delafond wrote:
> > On Jan/31, Guido Günther wrote:
> > > Uploaded now. Thanks!
> >
> > Hi Guido,
> >
> > have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
> > not, I'll need to look into it later this week, so that a DSA for
> > CVE-2015-5291 fixes both wheezy and jessie.
>
> Debdiff attached. It's far more intrusive since we also have to deal
> with CVE-2015-8036.
>
> James you already discussed the best way forward at
>
>     https://tls.mbed.org/discussions/bug-report-issues/question-about-cve-2015-5291
>
> with upstream so I'm very interested in your opinion on this as well.

Upstream would obviously like Debian to use the point releases of
polarssl, but they broke the ABI in the 1.3 series since 1.3.9 so we
can't use them directly. I had a go at reverting the ABI breaking
changes and I posted my attempt earlier to this bug report, but the
changes I had to make were very intrusive and they'll probably have to
be fixed up again every time there is a new release.

I'm beginning to feel like cherry picking the CVE related fixes (like
you've done) is probably the best solution, especially since this has
already taken some time to fix.

A few things on the debdiff you just posted:
 - The attachment came through in ISO-8859-1 instead of UTF-8 and
   lintian didn't like it. Hopefully the file is ok on your machine
   though.
 - I think the ssl-server-test needs an 'isolation-container'
   restriction since it opens TCP ports.

Thanks,
James
Re: wheezy: update for polarssl's CVE-2015-5291
On Jan/31, Guido Günther wrote:
> Uploaded now. Thanks!

Hi Guido,

have you looked into fixing the jessie version (1.3.9-2.1) as well ? If
not, I'll need to look into it later this week, so that a DSA for
CVE-2015-5291 fixes both wheezy and jessie.

Cheers,

--Seb
wheezy: update for polarssl's CVE-2015-5291
Hi,

I've forward ported Thorsten's fix for squeeze to wheezy and added some autopkgtest (debdiff attached). Please find the debdiff attached. I'd be happy to upload this to security master.

Cheers,
 -- Guido

diff --git a/debian/changelog b/debian/changelog index b52643b..b6c42f0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +polarssl (1.2.9-1~deb7u6) wheezy-security; urgency=high + + * Non-maintainer upload by the LTS Security Team. + * CVE-2015-5291: Remote attack on clients using session tickets or SNI + + -- Guido GüntherSat, 23 Jan 2016 15:47:29 +0100 + polarssl (1.2.9-1~deb7u5) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. diff --git a/debian/patches/CVE-2015-5291-1.patch b/debian/patches/CVE-2015-5291-1.patch new file mode 100644 index 000..f1dc35c --- /dev/null +++ b/debian/patches/CVE-2015-5291-1.patch @@ -0,0 +1,27 @@ +Index: polarssl-1.2.9/include/polarssl/ssl.h +=== +--- polarssl-1.2.9.orig/include/polarssl/ssl.h 2015-10-22 15:42:52.0 +0200 polarssl-1.2.9/include/polarssl/ssl.h 2015-10-22 15:44:14.0 +0200 +@@ -123,6 +123,8 @@ + #define SSL_LEGACY_ALLOW_RENEGOTIATION 1 + #define SSL_LEGACY_BREAK_HANDSHAKE 2 + ++#define SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ ++ + /* + * Size of the input / output buffer. + * Note: the RFC defines the default size of SSL / TLS messages. If you +Index: polarssl-1.2.9/library/ssl_tls.c +=== +--- polarssl-1.2.9.orig/library/ssl_tls.c 2015-10-22 15:42:52.0 +0200 polarssl-1.2.9/library/ssl_tls.c 2015-10-22 15:45:02.0 +0200 +@@ -3260,6 +3260,9 @@ + if( ssl->hostname_len + 1 == 0 ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + ++if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN ) ++return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); ++ + ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 ); + + if( ssl->hostname == NULL ) diff --git a/debian/patches/series b/debian/patches/series index 929750e..06dd432 100644 --- a/debian/patches/series 
+++ b/debian/patches/series @@ -5,3 +5,11 @@ CVE-2014-4911.patch CVE-2014-8628.patch CVE-2015-1182.patch + +# fix for CVE-2015-5291 +# -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5291 +CVE-2015-5291-1.patch +# vulnerable code not present +#CVE-2015-5291-2.patch +#CVE-2015-5291-3.patch +#CVE-2015-5291-4.patch diff --git a/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch b/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch new file mode 100644 index 000..f4d43ee --- /dev/null +++ b/debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch 
@@ -0,0 +1,323 @@ +diff --git a/library/ssl_cli.c b/library/ssl_cli.c +index f603cff..d33 100644 +--- a/library/ssl_cli.c b/library/ssl_cli.c +@@ -65,6 +65,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl, + size_t *olen ) + { + unsigned char *p = buf; ++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; + + *olen = 0; + +@@ -74,6 +75,12 @@ static void ssl_write_hostname_ext( ssl_context *ssl, + SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", +ssl->hostname ) ); + ++if( (size_t)(end - p) < ssl->hostname_len + 9 ) ++{ ++ SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); ++ return; ++} ++ + /* + * struct { + * NameType name_type; +@@ -117,6 +124,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl, + size_t *olen ) + { + unsigned char *p = buf; ++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; + + *olen = 0; + +@@ -125,6 +133,12 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl, + + SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); + ++if( (size_t)(end - p) < 5 + ssl->verify_data_len ) ++{ ++SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); ++return; ++} ++ + /* + * Secure renegotiation + */ +@@ -151,6 +165,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, + size_t *olen ) + { + unsigned char *p = buf; ++const unsigned char *end = ssl->out_msg + SSL_MAX_CONTENT_LEN; + size_t sig_alg_len = 0; + #if defined(POLARSSL_RSA_C) || defined(POLARSSL_ECDSA_C) + unsigned char *sig_alg_list = buf + 6; +@@ -163,9 +178,54 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, + + SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); + ++#if defined(POLARSSL_RSA_C) ++#if defined(POLARSSL_SHA512_C) ++/* SHA512 + RSA signature, SHA384 + RSA signature */ ++sig_alg_len += 4; ++#endif
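Review bot: The 1.2.9-1~deb7u6 entry in the debian/changelog hunk records only "CVE-2015-5291: Remote attack on clients using session tickets or SNI", while the cover mail says autopkgtests were added and debian/patches/series marks CVE-2015-5291-2 to -4 as "vulnerable code not present". Suggest adding a changelog line for the new tests and saying that only the hostname length check from CVE-2015-5291-1.patch applies to 1.2.9, so the entry is not read as both the session ticket and SNI paths having been patched.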
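Review bot: debian/patches/CVE-2015-5291-1.patch begins directly at its first "Index:" line with no patch header, so the file itself does not record where the change comes from or which bug it belongs to. Suggest adding a DEP-3 header (Description, Origin, Bug-Debian) above it. A minor point in its library/ssl_tls.c hunk: the new "if( ssl->hostname_len > SSL_MAX_HOST_NAME_LEN )" test already rejects the only value for which the preceding "hostname_len + 1 == 0" test can be true, so the older check is now redundant; keeping it is harmless, but placing the length cap first would make the intent clearer.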
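Review bot: The commented-out entries in the debian/patches/series hunk name "CVE-2015-5291-2.patch" to "-4.patch" without a directory, while the diff adds the -2 file as debian/patches/vulernable-code-not-present/CVE-2015-5291-2.patch, so uncommenting an entry as written would point quilt at a path that does not exist. Suggest writing the entries with the subdirectory prefix and correcting the directory name spelling ("vulernable" to "vulnerable") before upload.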
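Review bot: In the library/ssl_cli.c hunks of the unapplied CVE-2015-5291-2.patch, the bound test casts a pointer difference to size_t, as in "if( (size_t)(end - p) < ssl->hostname_len + 9 )" and "if( (size_t)(end - p) < 5 + ssl->verify_data_len )"; if p were ever past end, the negative difference becomes a very large value and the test passes. If this patch is enabled for a later version, test "end < p" first in each of these conditions. Note also that ssl_write_hostname_ext and ssl_write_renegotiation_ext are void and simply return with *olen left at 0 on "buffer too small", so the ClientHello is sent without the extension and the only trace is a level 1 debug message; worth a comment in the patch header that this silent drop is the intended behaviour.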