[Pkg-openssl-changes] r663 - in openssl/branches/wheezy/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Mon May 12 21:24:06 UTC 2014
Author: kroeckx
Date: 2014-05-12 21:24:06 +0000 (Mon, 12 May 2014)
New Revision: 663
Added:
openssl/branches/wheezy/debian/patches/CVE-2010-5298.patch
openssl/branches/wheezy/debian/patches/CVE-2014-0076.patch
openssl/branches/wheezy/debian/patches/CVE-2014-0160.patch
openssl/branches/wheezy/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch
Modified:
openssl/branches/wheezy/debian/changelog
openssl/branches/wheezy/debian/control
openssl/branches/wheezy/debian/libssl1.0.0.postinst
openssl/branches/wheezy/debian/patches/series
Log:
updates from the security team
Modified: openssl/branches/wheezy/debian/changelog
===================================================================
--- openssl/branches/wheezy/debian/changelog 2014-05-12 21:15:20 UTC (rev 662)
+++ openssl/branches/wheezy/debian/changelog 2014-05-12 21:24:06 UTC (rev 663)
@@ -1,3 +1,42 @@
+openssl (1.0.1e-2+deb7u7) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2010-5298: use-after-free race condition.
+ * Add a versioned dependency from openssl to libssl1.0.0 to a version
+ that has the fix for CVE-2014-0160 (Closes: #744194).
+ * Propose restarting prosody on upgrade (Closes: #744871).
+ * Correctly detect apache2 installations and propose it to be
+ restarted (Closes: #744141).
+ * Add more services to be checked for restart.
+ * Fix a bug where the critical flag for TSA extended key usage is not
+ always detected, and two other similar cases.
+ * Add support for 'libraries/restart-without-asking', which allows
+ services to be restarted automatically without prompting, or
+ requiring a response instead.
+ * Fix CVE-2014-0076: "Yarom/Benger FLUSH+RELOAD Cache Side-channel Attack"
+ (Closes: #742923).
+
+ -- Raphael Geissert <geissert at debian.org> Thu, 17 Apr 2014 22:11:33 +0200
+
+openssl (1.0.1e-2+deb7u6) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Enable checking for services that may need to be restarted
+ * Update list of services to possibly restart
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Tue, 08 Apr 2014 10:44:53 +0200
+
+openssl (1.0.1e-2+deb7u5) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Add CVE-2014-0160.patch patch.
+ CVE-2014-0160: Fix TLS/DTLS hearbeat information disclosure.
+ A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Mon, 07 Apr 2014 22:26:55 +0200
+
openssl (1.0.1e-2+deb7u4) stable; urgency=medium
* enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
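Review bot: the deb7u5 entry misspells "hearbeat" (should be "heartbeat"), and the deb7u7 bullet about the TSA extended-key-usage critical flag does not name the patch that carries the fix, which is shipped here under the placeholder file name CVE-2014-XXXX-Extension-checking-fixes.patch; citing the upstream reference from that patch's header (PR#3309) or the assigned CVE in the changelog would make the fix findable later. The "restart-without-asking" bullet also reads awkwardly ("without prompting, or requiring a response instead"); "without prompting or requiring a response" is presumably what is meant.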
Modified: openssl/branches/wheezy/debian/control
===================================================================
--- openssl/branches/wheezy/debian/control 2014-05-12 21:15:20 UTC (rev 662)
+++ openssl/branches/wheezy/debian/control 2014-05-12 21:24:06 UTC (rev 663)
@@ -11,7 +11,7 @@
Package: openssl
Priority: optional
Architecture: any
-Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}, libssl1.0.0 (>= 1.0.1e-2+deb7u5)
Suggests: ca-certificates
Description: Secure Socket Layer (SSL) binary and related cryptographic tools
This package contains the openssl binary and related tools.
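Review bot: the hard-coded floor libssl1.0.0 (>= 1.0.1e-2+deb7u5) matches the changelog entry that first shipped CVE-2014-0160.patch, so the version is right. Because it is written by hand rather than generated by ${shlibs:Depends}, it will not follow future uploads and a later maintainer may drop it as redundant; a short comment in control (or at least the Closes: #744194 reference in the changelog) should record that it exists to force a fixed libssl1.0.0 onto systems that only upgrade the openssl binary.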
Modified: openssl/branches/wheezy/debian/libssl1.0.0.postinst
===================================================================
--- openssl/branches/wheezy/debian/libssl1.0.0.postinst 2014-05-12 21:15:20 UTC (rev 662)
+++ openssl/branches/wheezy/debian/libssl1.0.0.postinst 2014-05-12 21:24:06 UTC (rev 663)
@@ -57,42 +57,81 @@
if [ "$1" = "configure" ]
then
if [ ! -z "$2" ]; then
- if dpkg --compare-versions "$2" lt 0.9.8g-9 && dpkg --compare-versions "$2" gt 0.9.8c-4etch3; then
- db_version 2.0
+ if dpkg --compare-versions "$2" lt 1.0.1e-2+deb7u6; then
+ echo -n "Checking for services that may need to be restarted..."
+ check="amanda-server anon-proxy apache2-common apache-ssl"
+ check="$check apf-firewall asterisk bacula-director-common"
+ check="$check bacula-fd bacula-sd bind9 bip boinc-client"
+ check="$check boxbackup-client boxbackup-server bozo cfengine2"
+ check="$check cfengine3 citadel-server clamav-daemon clamav-freshclam"
+ check="$check clamcour collectd-core conserver-server courier-imap-ssl"
+ check="$check courier-mta-ssl courier-pop-ssl cyrus21-imapd"
+ check="$check cyrus21-pop3d cyrus-common cyrus-imspd dovecot-core"
+ check="$check ejabberd exim4 fetchmail freeradius ftpd-ssl gatling"
+ check="$check globus-gatekeeper inn inn2 libapache-mod-ssl lighttpd lldpd"
+ check="$check lwresd monit myproxy-server nagios-nrpe-server nginx-common"
+ check="$check ntp openntpd openssh-server openvpn partimage-server"
+ check="$check postfix postgresql-7.4 postgresql-8.0 postgresql-8.1"
+ check="$check postgresql-8.2 postgresql-9.1 postgresql-9.2 postgresql-9.3"
+ check="$check proftpd proftpd-ldap"
+ check="$check proftpd-mysql proftpd-pgsql racoon sendmail slapd"
+ check="$check spamassassin ssh-nonfree stunnel4 syslog-ng tor unbound"
+ check="$check vsftpd"
+ # Only get the ones that are installed, and configured
+ check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')
+ # init script rewrites
+ check=$(echo $check | sed "
+ # apache2 ships its init script in apache2-common, but the
+ # script is apache2
+ s/apache2-common/apache2/g;
+ # For mod-ssl apache has to be restarted
+ s/libapache-mod-ssl/apache/g;
+ # The name of proftpd-{ldap,mysql,pgsql} init script is
+ # same as "proftpd".
+ s/proftpd-.*/proftpd/g;
+ # dovecot-core ships its init script, but the
+ # script name is dovecot for dovecot-{imapd,pop3d}.
+ s/dovecot-core/dovecot/g;
+ # openssh-server's init script it called ssh
+ s/openssh-server/ssh/g;
+ # bacula-director-common's init is bacula-director
+ s/bacula-director-common/bacula-director/g;
+ # citadel server
+ s/citadel-server/citadel/g;
+ # collectd
+ s/collectd-core/collectd/g;
+ # cyrus
+ s/cyrus-common/cyrus-imapd/g;
+ # nginx
+ s/nginx-common/nginx/g;
+ ")
+ echo "done."
+ fi
+ if dpkg --compare-versions "$2" lt 1.0.1e-2+deb7u7; then
+ echo -n "Checking for services that may need to be restarted..."
+ check2="apache2.2-common chef chef-expander chef-server-api"
+ check2="$check2 chef-solr pound postgresql-common"
+ check2="$check2 prosody puppet puppetmaster snmpd"
- echo -n "Checking for services that may need to be restarted..."
+ # Only get the ones that are installed, and configured
+ check2=$(dpkg -s $check2 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')
+ # init script rewrites
+ check2=$(echo $check2 | sed -r "
+ # apache2 ships its init script in apache2.2-common, but the
+ # script is apache2
+ s/apache2.2-common/apache2/g;
+ s/chef\s/chef-client/g;
+ s/chef-server-api/chef-server/g;
+ s/postgresql-common/postgresql/g;
+ ")
+ echo "done."
+ if [ -n "$check2" ]; then
+ check="$check $check2"
+ fi
+ fi
- check="sendmail openssh-server"
- check="$check apache2-common ssh-nonfree exim4"
- check="$check apache-ssl libapache-mod-ssl openvpn spamassassin"
- check="$check courier-imap-ssl courier-mta-ssl courier-pop-ssl"
- check="$check postfix cyrus21-imapd cyrus21-pop3d"
- check="$check postgresql-7.4 postgresql-8.0 postgresql-8.1"
- check="$check postgresql-8.2"
- check="$check racoon dovecot-common bind9"
- check="$check ntp openntpd clamcour nagios-nrpe-server"
- check="$check clamav-freshclam clamav-daemon"
- check="$check fetchmail ftpd-ssl slapd"
- check="$check proftpd proftpd-ldap proftpd-mysql proftpd-pgsql"
- check="$check partimage-server conserver-server tor"
- check="$check stunnel4"
- # Only get the ones that are installed, and configured
- check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')
- # apache2 ships its init script in apache2-common, but the
- # script is apache2
- check=$(echo $check | sed 's/apache2-common/apache2/g')
- # For mod-ssl apache has to be restarted
- check=$(echo $check | sed 's/libapache-mod-ssl/apache/g')
- # The name of proftpd-{ldap,mysql,pgsql} init script is
- # same as "proftpd".
- check=$(echo $check | sed 's/proftpd-.*/proftpd/g')
- # dovecot-common ships its init script, but the
- # script name is dovecot for dovecot-{imapd,pop3d}.
- check=$(echo $check | sed 's/dovecot-common/dovecot/g')
- # openssh-server's init script it called ssh
- check=$(echo $check | sed 's/openssh-server/ssh/g')
- echo "done."
-
+ if [ -n "$check" ]; then
+ db_version 2.0
echo "Checking init scripts..."
for service in $check; do
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
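Review bot: two of the sed rewrites corrupt the space-separated service list. `s/proftpd-.*/proftpd/g` runs on a single line (`echo $check` joins the package names with spaces), so the greedy `.*` swallows every service listed after the first proftpd-* package; `s/proftpd-[^ ]*/proftpd/g` keeps it to one token. In the second block, `s/chef\s/chef-client/g` consumes the separating space, so `chef chef-expander` becomes `chef-clientchef-expander`, and a lone `chef` at the end of the list is never rewritten; with `sed -r` something like `s/(^|[[:space:]])chef([[:space:]]|$)/\1chef-client\2/g` handles both. Minor: upgrading from a version older than deb7u6 now prints "Checking for services that may need to be restarted..." twice, once per block.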
@@ -115,18 +154,23 @@
fi
done
if [ -n "$services" ]; then
- db_reset libssl1.0.0/restart-services
- db_set libssl1.0.0/restart-services "$services"
- db_input critical libssl1.0.0/restart-services || true
+ db_input critical libraries/restart-without-asking || true
db_go || true
- db_get libssl1.0.0/restart-services
-
- if [ "x$RET" != "x" ]
- then
- services=$RET
- answer=yes
- else
- answer=no
+ db_get libraries/restart-without-asking
+ if [ "x$RET" != xtrue ]; then
+ db_reset libssl1.0.0/restart-services
+ db_set libssl1.0.0/restart-services "$services"
+ db_input critical libssl1.0.0/restart-services || true
+ db_go || true
+ db_get libssl1.0.0/restart-services
+
+ if [ "x$RET" != "x" ]
+ then
+ services=$RET
+ answer=yes
+ else
+ answer=no
+ fi
fi
echo
if [ "$answer" = yes ] && [ "$services" != "" ]; then
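Review bot: when libraries/restart-without-asking is true the new branch skips the restart-services question but never assigns `answer`, so unless `answer` is initialised to yes somewhere before this hunk (not visible here), the `if [ "$answer" = yes ]` test at the end of the hunk is false and the services are silently not restarted, the opposite of what the new template promises; add `else answer=yes` before the inner `fi`. Note also that `services` is left as computed in that path, which is the intended behaviour, so only the flag is missing.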
Added: openssl/branches/wheezy/debian/patches/CVE-2010-5298.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2010-5298.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2010-5298.patch 2014-05-12 21:24:06 UTC (rev 663)
@@ -0,0 +1,27 @@
+From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Sun, 13 Apr 2014 15:05:30 +0200
+Subject: [PATCH] Don't release the buffer when there still is data in it
+
+RT: 2167, 3265
+---
+ ssl/s3_pkt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index b9e45c7..32e9207 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+ {
+ s->rstate=SSL_ST_READ_HEADER;
+ rr->off=0;
+- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
++ s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
+ }
+ }
+--
+1.9.1
+
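Review bot: the new condition `s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0` is correct as written because `&` binds tighter than `&&`, but mixing the two without parentheses invites a wrong edit later; wrap the `&` term. The file also lacks a DEP-3 header (Origin, Bug, Bug-Debian), which a Debian patch carrying a security fix should have; the From line and "RT: 2167, 3265" above give the upstream commit id db978be and the tickets to cite.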
Added: openssl/branches/wheezy/debian/patches/CVE-2014-0076.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2014-0076.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2014-0076.patch 2014-05-12 21:24:06 UTC (rev 663)
@@ -0,0 +1,177 @@
+From f9b6c0ba4c02497782f801e3c45688f3efaac55c Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Wed, 12 Mar 2014 14:16:19 +0000
+Subject: [PATCH] Fix for CVE-2014-0076
+
+Fix for the attack described in the paper "Recovering OpenSSL
+ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+by Yuval Yarom and Naomi Benger. Details can be obtained from:
+http://eprint.iacr.org/2014/140
+
+Thanks to Yuval Yarom and Naomi Benger for discovering this
+flaw and to Yuval Yarom for supplying a fix.
+(cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)
+
+Conflicts:
+
+ CHANGES
+---
+ CHANGES | 9 +++++++++
+ crypto/bn/bn.h | 11 +++++++++++
+ crypto/bn/bn_lib.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ crypto/ec/ec2_mult.c | 27 ++++++++++++++++-----------
+ 4 files changed, 88 insertions(+), 11 deletions(-)
+
+diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
+index 7c23c01..b3518cb 100644
+--- a/crypto/bn/bn.h
++++ b/crypto/bn/bn.h
+@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+
++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
++
+ /* Deprecated versions */
+ #ifndef OPENSSL_NO_DEPRECATED
+ BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
+
+ #define bn_fix_top(a) bn_check_top(a)
+
++#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
++#define bn_wcheck_size(bn, words) \
++ do { \
++ const BIGNUM *_bnum2 = (bn); \
++ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
++ } while(0)
++
+ #else /* !BN_DEBUG */
+
+ #define bn_pollute(a)
+ #define bn_check_top(a)
+ #define bn_fix_top(a) bn_correct_top(a)
++#define bn_check_size(bn, bits)
++#define bn_wcheck_size(bn, words)
+
+ #endif
+
+diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
+index f77fdb7..72da073 100644
+--- a/crypto/bn/bn_lib.c
++++ b/crypto/bn/bn_lib.c
+@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+ }
+ return bn_cmp_words(a,b,cl);
+ }
++
++/*
++ * Constant-time conditional swap of a and b.
++ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
++ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
++ * and that no more than nwords are used by either a or b.
++ * a and b cannot be the same number
++ */
++void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
++ {
++ BN_ULONG t;
++ int i;
++
++ bn_wcheck_size(a, nwords);
++ bn_wcheck_size(b, nwords);
++
++ assert(a != b);
++ assert((condition & (condition - 1)) == 0);
++ assert(sizeof(BN_ULONG) >= sizeof(int));
++
++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
++
++ t = (a->top^b->top) & condition;
++ a->top ^= t;
++ b->top ^= t;
++
++#define BN_CONSTTIME_SWAP(ind) \
++ do { \
++ t = (a->d[ind] ^ b->d[ind]) & condition; \
++ a->d[ind] ^= t; \
++ b->d[ind] ^= t; \
++ } while (0)
++
++
++ switch (nwords) {
++ default:
++ for (i = 10; i < nwords; i++)
++ BN_CONSTTIME_SWAP(i);
++ /* Fallthrough */
++ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
++ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
++ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
++ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
++ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
++ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
++ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
++ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
++ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
++ case 1: BN_CONSTTIME_SWAP(0);
++ }
++#undef BN_CONSTTIME_SWAP
++}
+diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
+index f41665a..06405d0 100644
+--- a/crypto/ec/ec2_mult.c
++++ b/crypto/ec/ec2_mult.c
+@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
+ return ret;
+ }
+
++
+ /* Computes scalar*point and stores the result in r.
+ * point can not equal r.
+- * Uses algorithm 2P of
++ * Uses a modified algorithm 2P of
+ * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
++ *
++ * To protect against side-channel attack the function uses constant time swap,
++ * avoiding conditional branches.
+ */
+ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ const EC_POINT *point, BN_CTX *ctx)
+@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
+ x2 = &r->X;
+ z2 = &r->Y;
+
++ bn_wexpand(x1, group->field.top);
++ bn_wexpand(z1, group->field.top);
++ bn_wexpand(x2, group->field.top);
++ bn_wexpand(z2, group->field.top);
++
+ if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
+ if (!BN_one(z1)) goto err; /* z1 = 1 */
+ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
+@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
+ word = scalar->d[i];
+ while (mask)
+ {
+- if (word & mask)
+- {
+- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
+- }
+- else
+- {
+- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+- }
++ BN_consttime_swap(word & mask, x1, x2, group->field.top);
++ BN_consttime_swap(word & mask, z1, z2, group->field.top);
++ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
++ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
++ BN_consttime_swap(word & mask, x1, x2, group->field.top);
++ BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ mask >>= 1;
+ }
+ mask = BN_TBIT;
+--
+1.9.1
+
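Review bot: the four `bn_wexpand(x1, group->field.top)` calls added in ec2_mult.c ignore their return value; bn_wexpand returns NULL when it cannot grow the BIGNUM, after which BN_consttime_swap swaps `group->field.top` words of a buffer that may be smaller (the dmax check in bn_wcheck_size exists only in BN_DEBUG builds). Each should read `if (!bn_wexpand(x1, group->field.top)) goto err;` like the other calls in that function. Minor: the diffstat counts CHANGES with 9 insertions but no CHANGES diff follows (the conflict noted in the header was resolved by dropping it), so the stat should be regenerated to match the patch body.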
Added: openssl/branches/wheezy/debian/patches/CVE-2014-0160.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2014-0160.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2014-0160.patch 2014-05-12 21:24:06 UTC (rev 663)
@@ -0,0 +1,112 @@
+From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Sun, 6 Apr 2014 00:51:06 +0100
+Subject: [PATCH] Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
+preparing the fix (CVE-2014-0160)
+---
+ CHANGES | 9 +++++++++
+ ssl/d1_both.c | 26 ++++++++++++++++++--------
+ ssl/t1_lib.c | 14 +++++++++-----
+ 3 files changed, 36 insertions(+), 13 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
++ unsigned int write_length = 1 /* heartbeat type */ +
++ 2 /* heartbeat length */ +
++ payload + padding;
+ int r;
+
++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++ return 0;
++
+ /* Allocate memory for the response, size is 1 byte
+ * message type, plus 2 bytes payload length, plus
+ * payload, plus padding
+ */
+- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++ buffer = OPENSSL_malloc(write_length);
+ bp = buffer;
+
+ /* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ /* Random padding */
+ RAND_pseudo_bytes(bp, padding);
+
+- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+ if (r >= 0 && s->msg_callback)
+ s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+- buffer, 3 + payload + padding,
++ buffer, write_length,
+ s, s->msg_callback_arg);
+
+ OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
+--
+1.9.1
+
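Review bot: the DTLS path (d1_both.c) gains a `write_length > SSL3_RT_MAX_PLAIN_LENGTH` guard and the write_length refactor that the TLS path (t1_lib.c) does not, and nothing in the diff says why the two handlers differ; a one-line comment in t1_lib.c explaining why the extra guard is unnecessary there, or adding it for symmetry, would stop the next reader from filing it as a missed case. As in the previous patch, the diffstat lists CHANGES with 9 insertions but no CHANGES hunk is included.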
Added: openssl/branches/wheezy/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch 2014-05-12 21:24:06 UTC (rev 663)
@@ -0,0 +1,40 @@
+From 300b9f0b704048f60776881f1d378c74d9c32fbd Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Tue, 15 Apr 2014 18:48:54 +0100
+Subject: [PATCH] Extension checking fixes.
+
+When looking for an extension we need to set the last found
+position to -1 to properly search all extensions.
+
+PR#3309.
+---
+ crypto/x509v3/v3_purp.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
+index 6c40c7d..5f931db 100644
+--- a/crypto/x509v3/v3_purp.c
++++ b/crypto/x509v3/v3_purp.c
+@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
+ /* Handle proxy certificates */
+ if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+ if (x->ex_flags & EXFLAG_CA
+- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
+- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
++ || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
++ || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
+ x->ex_flags |= EXFLAG_INVALID;
+ }
+ if (pci->pcPathLengthConstraint) {
+@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+ return 0;
+
+ /* Extended Key Usage MUST be critical */
+- i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
++ i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
+ if (i_ext >= 0)
+ {
+ X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
+--
+1.9.1
+
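Review bot: the patch file name carries a placeholder CVE id (CVE-2014-XXXX) while the body only cites PR#3309; a placeholder in a shipped patch name tends to become permanent and is referenced verbatim from patches/series, so either name the file after the upstream PR or fill in the id before upload, and add a DEP-3 Origin line pointing at upstream commit 300b9f0b. The change itself, passing -1 instead of 0 as lastpos to X509_get_ext_by_NID, is needed because the search starts at lastpos+1, so a lastpos of 0 skips an extension that sits at index 0; that is the "critical flag not always detected" case the changelog describes, and the two alt-name checks in the proxy-certificate block had the same off-by-one.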
Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series 2014-05-12 21:15:20 UTC (rev 662)
+++ openssl/branches/wheezy/debian/patches/series 2014-05-12 21:24:06 UTC (rev 663)
@@ -42,3 +42,7 @@
disable_dual_ec_drbg.patch
CVE-2013-4353.patch
dont_change_version.patch
+CVE-2014-0160.patch
+CVE-2010-5298.patch
+CVE-2014-XXXX-Extension-checking-fixes.patch
+CVE-2014-0076.patch
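Review bot: the new entries reference CVE-2014-XXXX-Extension-checking-fixes.patch, so if that placeholder file name is corrected before upload this line must change with it. The order (0160, 5298, XXXX, 0076) follows the order the fixes were added rather than CVE number, which is fine for quilt as long as the patches are independent; per the diffs above they touch disjoint files (ssl/d1_both.c and ssl/t1_lib.c, ssl/s3_pkt.c, crypto/x509v3/v3_purp.c, crypto/bn and crypto/ec).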