File polarssl-CVE-2015-7575.patch of Package polarssl.openSUSE_13.2_Update
From 14400c8fb04e406a042695f28762b40cc7b2aa7b Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Sat, 2 Jan 2016 00:08:13 +0000
Subject: [PATCH] Merge memory leak fix into branch 'mbedtls-1.3'
Merge of fix for memory leak in RSA-SSA signing - #372
---
ChangeLog | 10 ++++++++++
include/polarssl/config.h | 13 +++++++++++++
library/asn1write.c | 21 ++++++++++-----------
library/bignum.c | 28 +++++++++++++++-------------
library/ssl_cli.c | 16 ++++++++++++----
library/ssl_srv.c | 6 ++++++
6 files changed, 66 insertions(+), 28 deletions(-)
Index: polarssl-1.3.9/ChangeLog
===================================================================
--- polarssl-1.3.9.orig/ChangeLog
+++ polarssl-1.3.9/ChangeLog
@@ -11,6 +11,12 @@ Security
(not affected if ECC support was compiled out) (found using Codenomicon
Defensics).
+Security
+ * Fix potential double free when mbedtls_asn1_store_named_data() fails to
+ allocate memory. Only used for certificate generation, not triggerable
+ remotely in SSL/TLS. Found by RafaĆ Przywara. #367
+ * Disable MD5 handshake signatures in TLS 1.2 by default
+
Bugfix
* Support escaping of commas in x509_string_to_names()
* Fix compile error in ssl_pthread_server (found by Julian Ospald).
Index: polarssl-1.3.9/include/polarssl/config.h
===================================================================
--- polarssl-1.3.9.orig/include/polarssl/config.h
+++ polarssl-1.3.9/include/polarssl/config.h
@@ -940,6 +940,19 @@
#define POLARSSL_SSL_TRUNCATED_HMAC
/**
+ * \def POLARSSL_SSL_ENABLE_MD5_SIGNATURES
+ *
+ * Offer, accept and do MD5-based signatures in the TLS 1.2 handshake.
+ * Has no effect on which algorithms are accepted for certificates.
+ * Has no effect on other SSL/TLS versions.
+ *
+ * \warning Enabling this could be a security risk!
+ *
+ * Uncomment to enable MD5 signatures in TLS 1.2
+ */
+//#define POLARSSL_SSL_ENABLE_MD5_SIGNATURES
+
+/**
* \def POLARSSL_SSL_SET_CURVES
*
* Enable ssl_set_curves().
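Review bot: The documentation for POLARSSL_SSL_ENABLE_MD5_SIGNATURES warns of "a security risk" without naming it, and does not mention that the option depends on the MD5 module. The client-side guards in ssl_cli.c in this same patch test `defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)`, so the option alone does not make the client offer MD5. I would add ` * Requires: POLARSSL_MD5_C` and make the warning specific, for example ` * \warning MD5 is not collision resistant, which weakens TLS 1.2 handshake signatures (CVE-2015-7575). Enable only for legacy peers.` The CVE number is taken from this patch's file name.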
Index: polarssl-1.3.9/library/asn1write.c
===================================================================
--- polarssl-1.3.9.orig/library/asn1write.c
+++ polarssl-1.3.9/library/asn1write.c
@@ -343,19 +343,18 @@ asn1_named_data *asn1_store_named_data(
}
else if( cur->val.len < val_len )
{
- // Enlarge existing value buffer if needed
- //
- polarssl_free( cur->val.p );
- cur->val.p = NULL;
+ /*
+ * Enlarge existing value buffer if needed
+ * Preserve old data until the allocation succeeded, to leave list in
+ * a consistent state in case allocation fails.
+ */
+ void *p = polarssl_malloc( val_len );
+ if( p == NULL )
+ return( NULL );
+ polarssl_free( cur->val.p );
+ cur->val.p = p;
cur->val.len = val_len;
- cur->val.p = polarssl_malloc( val_len );
- if( cur->val.p == NULL )
- {
- polarssl_free( cur->oid.p );
- polarssl_free( cur );
- return( NULL );
- }
}
if( val != NULL )
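Review bot: The failure contract of asn1_store_named_data() changes in this branch, and the function's own documentation should say so. On allocation failure it now returns NULL while `cur` stays linked in the list with its old value buffer intact, whereas the removed lines freed `cur` and left the list pointing at it. The header comment is outside this hunk, so I cannot tell whether it already covers this. If it does not, a line such as `\return NULL if memory allocation failed (an existing entry is left unchanged and the caller still owns the list)` would make it clear that callers must still free the list after a NULL return. Minor wording in the new comment: "until the allocation succeeded" reads better as "until the allocation succeeds".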
Index: polarssl-1.3.9/library/ssl_cli.c
===================================================================
--- polarssl-1.3.9.orig/library/ssl_cli.c
+++ polarssl-1.3.9/library/ssl_cli.c
@@ -188,7 +188,7 @@ static void ssl_write_signature_algorith
/* SHA1 + RSA signature */
sig_alg_len += 2;
#endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
/* MD5 + RSA signature */
sig_alg_len += 2;
#endif
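Review bot: The compound condition `defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)` is now spelled out four times in ssl_write_signature_algorithms, in this hunk and in the ones at -206, -240 and -262. The two `sig_alg_len += 2;` guards have to stay identical to the two guards around the `sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;` writes, otherwise the counted length and the bytes actually written would disagree. Deriving one file-local macro and testing it at each site removes that risk, for example `#define SSL_OFFER_MD5_SIG` under the compound condition and then `#if defined(SSL_OFFER_MD5_SIG)` (the macro name is only a suggestion). The function body starts and ends outside these hunks, so how the counted length is used is inferred from the visible lines.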
@@ -206,7 +206,7 @@ static void ssl_write_signature_algorith
/* SHA1 + ECDSA signature */
sig_alg_len += 2;
#endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
/* MD5 + ECDSA signature */
sig_alg_len += 2;
#endif
@@ -240,7 +240,7 @@ static void ssl_write_signature_algorith
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
#endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
#endif
@@ -262,7 +262,7 @@ static void ssl_write_signature_algorith
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
#endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
#endif
@@ -1814,6 +1814,14 @@ static int ssl_parse_server_key_exchange
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
+
+#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
+ if( md_alg == POLARSSL_MD_MD5 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+#endif
}
else
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
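Review bot: The new MD5 rejection logs the same text, `"bad server key exchange message"`, as the parse failure immediately above it, so a debug log cannot tell a malformed message from a server that selected a disabled hash. A distinct message would help anyone triaging handshake failures after this update, for example `SSL_DEBUG_MSG( 1, ( "server used MD5 signature, disabled by configuration" ) );`. The return code can stay as it is. The enclosing ssl_parse_server_key_exchange starts and ends outside the hunk.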
Index: polarssl-1.3.9/library/ssl_srv.c
===================================================================
--- polarssl-1.3.9.orig/library/ssl_srv.c
+++ polarssl-1.3.9/library/ssl_srv.c
@@ -491,6 +491,12 @@ static int ssl_parse_signature_algorithm
* So, just look at the HashAlgorithm part.
*/
for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) {
+#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
+ /* Skip MD5 */
+ if( *md_cur == POLARSSL_MD_MD5 )
+ continue;
+#endif
+
for( p = buf + 2; p < end; p += 2 ) {
if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
ssl->handshake->sig_alg = p[0];
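Review bot: The comment `/* Skip MD5 */` restates the code without giving the reason, and the hunk does not show what `ssl->handshake->sig_alg` holds when the client offers only MD5 and the loop matches nothing. I would write the comment as `/* MD5 signatures are disabled by default: never select MD5 even if the client offers it */`. It would also be worth confirming that the fall-through path after the loop, which is outside this hunk, leaves a non-MD5 default in place rather than a value taken from the client's list.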