CVS commit: [netbsd-6] src/crypto/external/bsd/openssl/dist/ssl

Tue, 22 May 2012 11:44:50 -0700 

Module Name:    src
Committed By:   riz
Date:           Tue May 22 18:44:46 UTC 2012

Modified Files:
        src/crypto/external/bsd/openssl/dist/ssl [netbsd-6]: d1_enc.c t1_enc.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #276):
        crypto/external/bsd/openssl/dist/ssl/t1_enc.c: revision 1.4
        crypto/external/bsd/openssl/dist/ssl/d1_enc.c: revision 1.2
pull in upstream rev.22547:
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1
and DTLS to fix DoS attack.
(CVE-2012-2333)


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.4.1 \
    src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c
cvs rdiff -u -r1.3 -r1.3.4.1 \
    src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c:1.1.1.3 src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c:1.1.1.3.4.1
--- src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c:1.1.1.3	Sun Jun  5 15:00:31 2011
+++ src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c	Tue May 22 18:44:46 2012
@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
 				}
 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
 			 * All of them must have value 'padding_length'. */
-			if (i > (int)rec->length)
+			if (i + bs > (int)rec->length)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is

Index: src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.3 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.3.4.1
--- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.3	Sun Jun  5 23:09:49 2011
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c	Tue May 22 18:44:46 2012
@@ -823,6 +823,8 @@ int tls1_enc(SSL *s, int send)
 			if (s->version >= TLS1_1_VERSION
 				&& EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
 				{
+				if (bs > (int)rec->length)
+					return -1;
 				rec->data += bs;    /* skip the explicit IV */
 				rec->input += bs;
 				rec->length -= bs;

Reply via email to