From owner-freebsd-security@FreeBSD.ORG Mon Apr 7 21:02:47 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A8F9BF91 for ; Mon, 7 Apr 2014 21:02:47 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8C908278 for ; Mon, 7 Apr 2014 21:02:47 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [69.198.165.132]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 8534313C08; Mon, 7 Apr 2014 14:02:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1396904566; bh=PDP9tqV96mv4PF0t6+IJFSWN1DED7YDGfOM2h3LxL8U=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To; b=2iFl8UHc2we2us3pVp81L9/5m46F2WxDxgb9uFjVOxSpCyuYaJkcBD7dLWvOWcltD 8mgKQVuNrAls8t7V5zmCjvPMbTNG4fxUbKI+Dx8GZ4rRAtOB9RYvwlS2vB08eOUu0V Ltdisv7h3hGhiuv6BQVLWMOPP+/zyF+5seS29HSc= Message-ID: <53431275.4080906@delphij.net> Date: Mon, 07 Apr 2014 14:02:45 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: Thomas Steen Rasmussen , freebsd-security@freebsd.org Subject: Re: http://heartbleed.com/ References: <53430F72.1040307@gibfest.dk> In-Reply-To: <53430F72.1040307@gibfest.dk> X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------030903090703000506070407" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Apr 2014 21:02:47 -0000 This is a multi-part message in MIME format. --------------030903090703000506070407 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Thomas, On 04/07/14 13:49, Thomas Steen Rasmussen wrote: > Hello, > > http://heartbleed.com/ describes an openssl vulnerability > published today. We are going to need an advisory for the openssl > in base in FreeBSD 10 and we are also going to need an updated > port. > > The implications of this vulnerability are pretty massive, > certificates will need to be replaced and so on. I don't want to > repeat the page, so go read that. We are already working on this but building, reviewing, etc. would take some time. Attached is the minimal fix (extracted from upstream git repository) we are intending to use in the advisory for those who want to apply a fix now, please DO NOT use any new certificates before applying fixes. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTQxJ1AAoJEJW2GBstM+nsz6AP/2m28eIzuF/JFhyZB7rkLAZR vP9P0Tu1Vupwd6FN5X9m1O4t5ORhMfn5Y8SuxemHPg8NncaEptg43rs+TED4ucGd ulyFLJsAZtCDlTTVRAuhp3PfvNllBcoG6a+sWg0qjDqxnzWpPZShCP8ay9g/3q4W ceYJigXyi7KtKuNlc2YXlC5CA5NpKV9zsc0KhZj/PIq9qLiv+JYUriz1BRE8J+5P CusO3usNgwHFx0XppMQRXxg/iSYnqs/YM6btENgsOBlRsCJkfSPbxE1z6Vmp0h27 mOWiBLIOOR97WfYHCUHUHg+1bpJKz6VXUDHbNjjoaaLWg2D4HCkqgm45mgKZBHwh 6SZUR90WthBbbFwJ3vY+wdARBO1V3RBg64ACZfYEIimqtGKZ5VaJgmYFLZc33RQr O6Gpt7KeiwxaPYe/18zIiBULKeGBtQXettKpw4KOrkKSfnZePNxQIiqQmzLmfzXW VwgRYlAAhjmv/ROCdnQJiKQKnloo9xUEPtk1ngmw6ThJJuDGS+Mcm1pWwbvMPF5/ cWXprDXW4/Hws8GCXbZxYRrC0xQ0zDL+K589H/3pTWV5ijnI/CpM1gzvd0NH/H4+ LQNILNJ+p2Uhp3D7yoz1bQC8gV2XeXROeNGEuY3VRyNbnv3z65mjWry/4QZo+kp6 NcKVrUpKLG4odhL7BXBF =7rU5 -----END PGP SIGNATURE----- --------------030903090703000506070407 Content-Type: text/plain; charset=UTF-8; name="openssl.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="openssl.patch" Index: crypto/openssl/ssl/d1_both.c =================================================================== --- crypto/openssl/ssl/d1_both.c (revision 264059) +++ crypto/openssl/ssl/d1_both.c (working copy) @@ -1458,26 +1458,36 @@ dtls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ + if (s->msg_callback) + s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, + &s->s3->rrec.data[0], s->s3->rrec.length, + s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ hbtype = *p++; n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ pl = p; - if (s->msg_callback) - s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, - &s->s3->rrec.data[0], s->s3->rrec.length, - s, s->msg_callback_arg); - if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; + /* Allocate memory for the response, size is 1 byte * message type, plus 2 bytes payload length, plus * payload, plus padding */ - buffer = OPENSSL_malloc(1 + 2 + payload + padding); + buffer = OPENSSL_malloc(write_length); bp = buffer; /* Enter response type, length and copy payload */ @@ -1488,11 +1498,11 @@ dtls1_process_heartbeat(SSL *s) /* Random padding */ RAND_pseudo_bytes(bp, padding); - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); + r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, 3 + payload + padding, + buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); Index: crypto/openssl/ssl/t1_lib.c =================================================================== --- crypto/openssl/ssl/t1_lib.c (revision 264059) +++ crypto/openssl/ssl/t1_lib.c (working copy) @@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ + if (s->msg_callback) + s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, + &s->s3->rrec.data[0], s->s3->rrec.length, + s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ hbtype = *p++; n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ pl = p; - if (s->msg_callback) - s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, - &s->s3->rrec.data[0], s->s3->rrec.length, - s, s->msg_callback_arg); - if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; --------------030903090703000506070407--