File openssl-CVE-2019-1559.patch of Package openssl-1_0_0.16376
Index: openssl-1.0.2p/doc/ssl/SSL_get_error.pod
===================================================================
--- openssl-1.0.2p.orig/doc/ssl/SSL_get_error.pod 2018-08-14 14:48:58.000000000 +0200
+++ openssl-1.0.2p/doc/ssl/SSL_get_error.pod 2019-03-05 12:28:29.722943831 +0100
@@ -90,14 +90,17 @@ Details depend on the application.
=item SSL_ERROR_SYSCALL
-Some non-recoverable I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-For socket I/O on Unix systems, consult B<errno> for details.
+Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
+contain more information on the error. For socket I/O on Unix systems, consult
+B<errno> for details. If this error occurs then no further I/O operations should
+be performed on the connection and SSL_shutdown() must not be called.
=item SSL_ERROR_SSL
-A failure in the SSL library occurred, usually a protocol error. The
-OpenSSL error queue contains more information on the error.
+A non-recoverable, fatal error in the SSL library occurred, usually a protocol
+error. The OpenSSL error queue contains more information on the error. If this
+error occurs then no further I/O operations should be performed on the
+connection and SSL_shutdown() must not be called.
=back
Index: openssl-1.0.2p/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.2p.orig/doc/ssl/SSL_shutdown.pod 2018-08-14 14:48:58.000000000 +0200
+++ openssl-1.0.2p/doc/ssl/SSL_shutdown.pod 2019-03-05 12:28:29.722943831 +0100
@@ -22,6 +22,10 @@ Whether the operation succeeds or not, t
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.
+Note that SSL_shutdown() must not be called if a previous fatal error has
+occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
+or SSL_ERROR_SSL.
+
The shutdown procedure consists of 2 steps: the sending of the "close notify"
shutdown alert and the reception of the peer's "close notify" shutdown
alert. According to the TLS standard, it is acceptable for an application
Index: openssl-1.0.2p/ssl/d1_pkt.c
===================================================================
--- openssl-1.0.2p.orig/ssl/d1_pkt.c 2018-08-14 14:48:59.000000000 +0200
+++ openssl-1.0.2p/ssl/d1_pkt.c 2019-03-05 12:28:29.722943831 +0100
@@ -1311,6 +1311,7 @@ int dtls1_read_bytes(SSL *s, int type, u
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
Index: openssl-1.0.2p/ssl/s3_pkt.c
===================================================================
--- openssl-1.0.2p.orig/ssl/s3_pkt.c 2018-08-14 14:48:59.000000000 +0200
+++ openssl-1.0.2p/ssl/s3_pkt.c 2019-03-05 12:28:29.722943831 +0100
@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, un
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, i
* protocol_version alerts */
if (desc < 0)
return -1;
- /* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
- SSL_CTX_remove_session(s->session_ctx, s->session);
+ /* If a fatal one, remove from cache and go into the error state */
+ if (level == SSL3_AL_FATAL) {
+ if (s->session != NULL)
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
+ }
s->s3->alert_dispatch = 1;
s->s3->send_alert[0] = level;