[Pkg-openssl-changes] r406 - in openssl/trunk: debian ssl

Kurt Roeckx kroeckx at alioth.debian.org
Mon Jun 8 17:20:52 UTC 2009 

Author: kroeckx
Date: 2009-06-08 17:20:51 +0000 (Mon, 08 Jun 2009)
New Revision: 406

Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/ssl/d1_both.c
Log:
Fix CVE-2009-1387
CVE-2009-1386 was already fixed.


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2009-06-08 17:04:47 UTC (rev 405)
+++ openssl/trunk/debian/changelog	2009-06-08 17:20:51 UTC (rev 406)
@@ -5,12 +5,16 @@
   * Split the line to generate md5-x86_64.s in the Makefile.  This will
     hopefully fix the build issue on kfreebsd that now outputs the file
     to stdout instead of the file.
+  * Fix denial of service via an out-of-sequence DTLS handshake message
+    (CVE-2009-1387) (Closes: #532037)
 
- -- Kurt Roeckx <kurt at roeckx.be>  Mon, 08 Jun 2009 19:03:23 +0200
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 08 Jun 2009 19:05:56 +0200
 
 openssl (0.9.8k-1) unstable; urgency=low
 
   * New upstream release
+    - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
+      that occurs before ClientHello (CVE-2009-1386)
   * Make aes-x86_64.pl use PIC.
   * Fix security issues (Closes: #530400)
     - "DTLS record buffer limitation bug." (CVE-2009-1377)

Modified: openssl/trunk/ssl/d1_both.c
===================================================================
--- openssl/trunk/ssl/d1_both.c	2009-06-08 17:04:47 UTC (rev 405)
+++ openssl/trunk/ssl/d1_both.c	2009-06-08 17:20:51 UTC (rev 406)
@@ -585,30 +585,31 @@
 			}
 		}
 
-	frag = dtls1_hm_fragment_new(frag_len);
-	if ( frag == NULL)
-		goto err;
+	if (frag_len)
+	{
+		frag = dtls1_hm_fragment_new(frag_len);
+		if ( frag == NULL)
+			goto err;
 
-	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
 
-	if (frag_len)
-		{
-		/* read the body of the fragment (header has already been read */
+		/* read the body of the fragment (header has already been read) */
 		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 			frag->fragment,frag_len,0);
 		if (i<=0 || (unsigned long)i!=frag_len)
 			goto err;
-		}
 
-	pq_64bit_init(&seq64);
-	pq_64bit_assign_word(&seq64, msg_hdr->seq);
+		pq_64bit_init(&seq64);
+		pq_64bit_assign_word(&seq64, msg_hdr->seq);
 
-	item = pitem_new(seq64, frag);
-	pq_64bit_free(&seq64);
-	if ( item == NULL)
-		goto err;
+		item = pitem_new(seq64, frag);
+		pq_64bit_free(&seq64);
+		if ( item == NULL)
+			goto err;
 
-	pqueue_insert(s->d1->buffered_messages, item);
+		pqueue_insert(s->d1->buffered_messages, item);
+	}
+
 	return DTLS1_HM_FRAGMENT_RETRY;
 
 err:

More information about the Pkg-openssl-changes mailing list