Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:danci1973
openssl
openssl-CVE-2015-3196.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2015-3196.patch of Package openssl
From d6be3124f22870f1888c532523b74ea5d89795eb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" <steve@openssl.org> Date: Wed, 1 Jul 2015 23:40:03 +0100 Subject: [PATCH] Fix PSK handling. The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c) --- ssl/s3_clnt.c | 17 +++-------------- ssl/s3_srvr.c | 2 +- 2 files changed, 4 insertions(+), 15 deletions(-) Index: openssl-1.0.1k/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1k.orig/ssl/s3_clnt.c 2015-12-04 17:07:16.576888840 +0100 +++ openssl-1.0.1k/ssl/s3_clnt.c 2015-12-04 17:23:09.487644962 +0100 @@ -1360,8 +1360,6 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; - param_len = 2; if (param_len > n) { @@ -1390,17 +1388,8 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - /* If received PSK identity hint contains NULL - * characters, the hint is truncated from the first - * NULL. p may not be ending with NULL, so create a - * NULL-terminated string. */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) - { + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; @@ -3002,7 +2991,7 @@ int ssl3_send_client_key_exchange(SSL *s } memset(identity, 0, sizeof(identity)); - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_len > PSK_MAX_PSK_LEN) Index: openssl-1.0.1k/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1k.orig/ssl/s3_srvr.c 2015-12-04 17:07:14.127850873 +0100 +++ openssl-1.0.1k/ssl/s3_srvr.c 2015-12-04 17:07:16.577888855 +0100 @@ -2816,7 +2816,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (s->session->psk_identity != NULL) OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); + s->session->psk_identity = BUF_strndup((char *)p, i); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor