[Pkg-openssl-devel] Bug#775502: Bug#775502: openssl: 1.0.1e-2+deb7u14 broke DTLS handshake with Chrome/Firefox

Kurt Roeckx kurt at roeckx.be
Tue Jan 27 18:05:04 UTC 2015


On Mon, Jan 19, 2015 at 03:15:38PM +0300, ?????? ??????? wrote:
> Fri, 16 Jan 2015 18:43:36 +0100 ?? Kurt Roeckx <kurt at roeckx.be>:
> > 
> > There is an upstream bug report about the patch for CVE-2015-0206
> > breaking it.  Are you sure it's the right patch?
> 
> That's the patch removing which fixed the problem for me. I tried removing the patch for CVE-2015-0206 (0112-A-memory-leak-can-occur-in-dtls1_buffer_record-if-ei.patch) and keeping others but it didn't help - the problem is still present. I didn't try every patch added in u14 indivilually though.
> 
> > The fix for that issue was to use SSL_CTX_set_read_ahead() setting
> > it to 1.  Can you check that fixes it for you?
> 
> That worked, thanks. Adding that function call fixes DTLS handshake with the stock 1.0.1e-2+deb7u14 package.
> 
> So, should this be considered a bug in libwebrtc or is this an unintended breaking change in openssl?

The fix just uncovered a different bug.  The problem is that
recvfrom() might throw away the rest of a package if you didn't
receive the whole packet.  So the fix it to always read the whole
packet, by always doing the read ahead in the DTLS case.  This was
fixed usptream in commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa.


Kurt



More information about the Pkg-openssl-devel mailing list