Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 29 Aug 2009 15:21:50 +0000 (UTC)
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r196641 - in stable/8/crypto/openssl: . crypto/pqueue ssl
Message-ID:  <200908291521.n7TFLo0D067791@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: simon
Date: Sat Aug 29 15:21:50 2009
New Revision: 196641
URL: http://svn.freebsd.org/changeset/base/196641

Log:
  MFC r196474:
  
    Merge DTLS fixes from vendor-crypto/openssl/dist:
  
    - Fix memory consumption bug with "future epoch" DTLS records.
    - Fix fragment handling memory leak.
    - Do not access freed data structure.
    - Fix DTLS fragment bug - out-of-sequence message handling which could
      result in NULL pointer dereference in
      dtls1_process_out_of_seq_message().
  
    Note that this will not get FreeBSD Security Advisory as DTLS is
    experimental in OpenSSL.
  
    Security:	CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
  
  Approved by:	re (kib)

Modified:
  stable/8/crypto/openssl/   (props changed)
  stable/8/crypto/openssl/crypto/pqueue/pqueue.c
  stable/8/crypto/openssl/crypto/pqueue/pqueue.h
  stable/8/crypto/openssl/ssl/d1_both.c
  stable/8/crypto/openssl/ssl/d1_pkt.c

Modified: stable/8/crypto/openssl/crypto/pqueue/pqueue.c
==============================================================================
--- stable/8/crypto/openssl/crypto/pqueue/pqueue.c	Sat Aug 29 13:28:02 2009	(r196640)
+++ stable/8/crypto/openssl/crypto/pqueue/pqueue.c	Sat Aug 29 15:21:50 2009	(r196641)
@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
 
 	return ret;
 	}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+	pitem *item = pq->items;
+	int count = 0;
+	
+	while(item != NULL)
+	{
+		count++;
+		item = item->next;
+	}
+	return count;
+}

Modified: stable/8/crypto/openssl/crypto/pqueue/pqueue.h
==============================================================================
--- stable/8/crypto/openssl/crypto/pqueue/pqueue.h	Sat Aug 29 13:28:02 2009	(r196640)
+++ stable/8/crypto/openssl/crypto/pqueue/pqueue.h	Sat Aug 29 15:21:50 2009	(r196641)
@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */

Modified: stable/8/crypto/openssl/ssl/d1_both.c
==============================================================================
--- stable/8/crypto/openssl/ssl/d1_both.c	Sat Aug 29 13:28:02 2009	(r196640)
+++ stable/8/crypto/openssl/ssl/d1_both.c	Sat Aug 29 15:21:50 2009	(r196641)
@@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
 
 	if ( s->d1->handshake_read_seq == frag->msg_header.seq)
 		{
+		unsigned long frag_len = frag->msg_header.frag_len;
 		pqueue_pop(s->d1->buffered_messages);
 
 		al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
 		if (al==0)
 			{
 			*ok = 1;
-			return frag->msg_header.frag_len;
+			return frag_len;
 			}
 
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -561,7 +562,16 @@ dtls1_process_out_of_seq_message(SSL *s,
 	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
 		goto err;
 
-	if (msg_hdr->seq <= s->d1->handshake_read_seq)
+	/* Try to find item in queue, to prevent duplicate entries */
+	pq_64bit_init(&seq64);
+	pq_64bit_assign_word(&seq64, msg_hdr->seq);
+	item = pqueue_find(s->d1->buffered_messages, seq64);
+	pq_64bit_free(&seq64);
+	
+	/* Discard the message if sequence number was already there, is
+	 * too far in the future or the fragment is already in the queue */
+	if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+		msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
 		{
 		unsigned char devnull [256];
 
@@ -575,30 +585,31 @@ dtls1_process_out_of_seq_message(SSL *s,
 			}
 		}
 
-	frag = dtls1_hm_fragment_new(frag_len);
-	if ( frag == NULL)
-		goto err;
+	if (frag_len)
+	{
+		frag = dtls1_hm_fragment_new(frag_len);
+		if ( frag == NULL)
+			goto err;
 
-	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
 
-	if (frag_len)
-		{
-		/* read the body of the fragment (header has already been read */
+		/* read the body of the fragment (header has already been read) */
 		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 			frag->fragment,frag_len,0);
 		if (i<=0 || (unsigned long)i!=frag_len)
 			goto err;
-		}
 
-	pq_64bit_init(&seq64);
-	pq_64bit_assign_word(&seq64, msg_hdr->seq);
+		pq_64bit_init(&seq64);
+		pq_64bit_assign_word(&seq64, msg_hdr->seq);
 
-	item = pitem_new(seq64, frag);
-	pq_64bit_free(&seq64);
-	if ( item == NULL)
-		goto err;
+		item = pitem_new(seq64, frag);
+		pq_64bit_free(&seq64);
+		if ( item == NULL)
+			goto err;
+
+		pqueue_insert(s->d1->buffered_messages, item);
+	}
 
-	pqueue_insert(s->d1->buffered_messages, item);
 	return DTLS1_HM_FRAGMENT_RETRY;
 
 err:

Modified: stable/8/crypto/openssl/ssl/d1_pkt.c
==============================================================================
--- stable/8/crypto/openssl/ssl/d1_pkt.c	Sat Aug 29 13:28:02 2009	(r196640)
+++ stable/8/crypto/openssl/ssl/d1_pkt.c	Sat Aug 29 15:21:50 2009	(r196641)
@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
     DTLS1_RECORD_DATA *rdata;
 	pitem *item;
 
+	/* Limit the size of the queue to prevent DOS attacks */
+	if (pqueue_size(queue->q) >= 100)
+		return 0;
+		
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908291521.n7TFLo0D067791>