Submitted by: Bodo Moeller and Adam Langley (Google).

Fix for "Record of death" vulnerability CVE-2010-0740.
2010-03-24 13:16:42 +00:00 · 2010-03-24 13:16:42 +00:00 · 354f92d66a
commit 354f92d66a
parent c3484e0268
2 changed files with 13 additions and 4 deletions
--- a/11
+++ b/11
@ -2,7 +2,16 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-0740)
+     [Bodo Moeller, Adam Langley <agl@chromium.org>]

  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
     could be crashed if the relevant tables were not present (e.g. chrooted).
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@ -291,9 +291,9 @@ again:
 			if (version != s->version)
 				{
 				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-				/* Send back error using their
-				 * version number :-) */
-				s->version=version;
+                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                	/* Send back error using their minor version number :-) */
+					s->version = (unsigned short)version;
 				al=SSL_AD_PROTOCOL_VERSION;
 				goto f_err;
 				}