File openssl-CVE-2015-1794.patch of Package openssl.4634
From: "Guy Leaver (guleaver)" <guleaver@cisco.com>
Date: Fri, 7 Aug 2015 15:45:21 +0100
Subject: Fix seg fault with 0 p val in SKE
Patch-mainline: OpenSSL_1_0_1q
Git-commit: f15c99f4d4a96b692bdbb6f343c9112f2fa5a8ed
References: CVE-2015-1794 bsc#957984
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commits adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246)
The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.
CVE-2015-1794
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---
ssl/s3_clnt.c | 16 ++++++++++++++++
ssl/ssl.h | 3 +++
ssl/ssl_err.c | 3 +++
3 files changed, 22 insertions(+)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 35ad1217a655..c89564b36264 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1624,6 +1624,12 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;
+ if (BN_is_zero(dh->p)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+ goto f_err;
+ }
+
+
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1644,6 +1650,11 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;
+ if (BN_is_zero(dh->g)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1665,6 +1676,11 @@ int ssl3_get_key_exchange(SSL *s)
p += i;
n -= param_len;
+ if (BN_is_zero(dh->pub_key)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
+ goto f_err;
+ }
+
# ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey =
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d2ab0c074c99..d9657eb57495 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2465,8 +2465,11 @@ void ERR_load_SSL_strings(void);
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
# define SSL_R_BAD_DECOMPRESSION 107
# define SSL_R_BAD_DH_G_LENGTH 108
+# define SSL_R_BAD_DH_G_VALUE 375
# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
+# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
# define SSL_R_BAD_DH_P_LENGTH 110
+# define SSL_R_BAD_DH_P_VALUE 395
# define SSL_R_BAD_DIGEST_LENGTH 111
# define SSL_R_BAD_DSA_SIGNATURE 112
# define SSL_R_BAD_ECC_CERT 304
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 88621b72500f..26f149e10810 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -369,8 +369,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"bad data returned by callback"},
{ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
{ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
+ {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
+ {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
{ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
+ {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
{ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
--
2.7.2
