Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:msmeissn:openssl1
openvpn
0004-Drop-too-short-control-channel-packets.CVE...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0004-Drop-too-short-control-channel-packets.CVE-2014-8104.patch of Package openvpn
From c5590a6821e37f3b29735f55eb0c2b9c0924138c Mon Sep 17 00:00:00 2001 From: Steffan Karger <steffan.karger@fox-it.com> Date: Thu, 20 Nov 2014 13:43:05 +0100 References: bsc#907764, CVE-2014-8104 Upstream: yes Subject: [PATCH] Drop too-short control channel packets instead of asserting out. This fixes a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT(). OpenVPN would previously ASSERT() that control channel packets have a payload of at least 4 bytes. An authenticated client could trigger this assert by sending a too-short control channel packet to the server. Thanks to Dragana Damjanovic for reporting the issue. This bug has been assigned CVE-2014-8104. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1CED409804E2164C8104F9E623B08B9018803B0FE7@FOXDFT02.FOX.local> Signed-off-by: Gert Doering <gert@greenie.muc.de> --- openvpn-2.0.9/ssl.c +++ openvpn-2.0.9/ssl.c 2014/12/01 14:08:20 @@ -2582,7 +2582,11 @@ key_method_2_read (struct buffer *buf, s ALLOC_ARRAY_CLEAR_GC (options, char, TLS_OPTIONS_LEN, &gc); /* discard leading uint32 */ - ASSERT (buf_advance (buf, 4)); + if (!buf_advance (buf, 4)) { + msg (D_TLS_ERRORS, "TLS ERROR: Plaintext buffer too short (%d bytes).", + buf->len); + goto error; + } /* get key method */ key_method_flags = buf_read_u8 (buf);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor