bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files

Dr. Stephen Henson 2010-11-16 14:18:51 +00:00
parent f7d2f17a07
commit 732d31beee
4 changed files with 67 additions and 20 deletions


@ -161,6 +161,10 @@
Changes between 1.0.0a and 1.0.0b [xx XXX xxxx] Changes between 1.0.0a and 1.0.0b [xx XXX xxxx]
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864
*) Fix WIN32 build system to correctly link an ENGINE directory into *) Fix WIN32 build system to correctly link an ENGINE directory into
a DLL. a DLL.
[Steve Henson] [Steve Henson]
@ -1014,6 +1018,10 @@
Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
[Steve Henson] [Steve Henson]

6
NEWS

@ -5,6 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
o Fix for security issue CVE-2010-3864.
o Fix for CVE-2010-2939
o Fix WIN32 build system for GOST ENGINE.
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
o Fix for security issue CVE-2010-1633. o Fix for security issue CVE-2010-1633.

13
STATUS

@ -1,10 +1,19 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2009/04/03 11:45:14 $ ______________ $Date: 2010/11/16 14:18:51 $
DEVELOPMENT STATE DEVELOPMENT STATE
o OpenSSL 1.0.0-beta1: Released on April 1st, 2009 o OpenSSL 1.1.0: Under development...
o OpenSSL 1.0.0b: Released on November 16th, 2010
o OpenSSL 1.0.0a: Released on June 1st, 2010
o OpenSSL 1.0.0: Released on March 29th, 2010
o OpenSSL 0.9.8n: Released on March 24th, 2010
o OpenSSL 0.9.8m: Released on February 25th, 2010
o OpenSSL 0.9.8l: Released on November 5th, 2009
o OpenSSL 0.9.8k: Released on March 25th, 2009
o OpenSSL 0.9.8j: Released on January 7th, 2009
o OpenSSL 0.9.8i: Released on September 15th, 2008
o OpenSSL 0.9.8h: Released on May 28th, 2008 o OpenSSL 0.9.8h: Released on May 28th, 2008
o OpenSSL 0.9.8g: Released on October 19th, 2007 o OpenSSL 0.9.8g: Released on October 19th, 2007
o OpenSSL 0.9.8f: Released on October 11th, 2007 o OpenSSL 0.9.8f: Released on October 11th, 2007


@ -751,14 +751,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
switch (servname_type) switch (servname_type)
{ {
case TLSEXT_NAMETYPE_host_name: case TLSEXT_NAMETYPE_host_name:
if (s->session->tlsext_hostname == NULL) if (!s->hit)
{ {
if (len > TLSEXT_MAXLEN_host_name || if(s->session->tlsext_hostname)
((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
if (len > TLSEXT_MAXLEN_host_name)
{ {
*al = TLS1_AD_UNRECOGNIZED_NAME; *al = TLS1_AD_UNRECOGNIZED_NAME;
return 0; return 0;
} }
if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
memcpy(s->session->tlsext_hostname, sdata, len); memcpy(s->session->tlsext_hostname, sdata, len);
s->session->tlsext_hostname[len]='\0'; s->session->tlsext_hostname[len]='\0';
if (strlen(s->session->tlsext_hostname) != len) { if (strlen(s->session->tlsext_hostname) != len) {
@ -771,7 +780,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
} }
else else
s->servername_done = strlen(s->session->tlsext_hostname) == len s->servername_done = s->session->tlsext_hostname
&& strlen(s->session->tlsext_hostname) == len
&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
break; break;
@ -802,15 +812,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
*al = TLS1_AD_DECODE_ERROR; *al = TLS1_AD_DECODE_ERROR;
return 0; return 0;
} }
s->session->tlsext_ecpointformatlist_length = 0; if (!s->hit)
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
{ {
*al = TLS1_AD_INTERNAL_ERROR; if(s->session->tlsext_ecpointformatlist)
return 0; {
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
s->session->tlsext_ecpointformatlist_length = 0;
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
} }
s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
#if 0 #if 0
fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
sdata = s->session->tlsext_ecpointformatlist; sdata = s->session->tlsext_ecpointformatlist;
@ -831,15 +848,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
*al = TLS1_AD_DECODE_ERROR; *al = TLS1_AD_DECODE_ERROR;
return 0; return 0;
} }
s->session->tlsext_ellipticcurvelist_length = 0; if (!s->hit)
if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
{ {
*al = TLS1_AD_INTERNAL_ERROR; if(s->session->tlsext_ellipticcurvelist)
return 0; {
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
s->session->tlsext_ellipticcurvelist_length = 0;
if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
} }
s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
#if 0 #if 0
fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
sdata = s->session->tlsext_ellipticcurvelist; sdata = s->session->tlsext_ellipticcurvelist;
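Review bot: The three new `if (!s->hit)` guards (server name, EC point formats, elliptic curves) carry no comment saying why writes to `s->session` are skipped on resumption, so the invariant behind the fix is recorded only in CHANGES. I would add above each guard `/* A resumed session may be shared between threads: treat s->session as read-only when s->hit is set. */`. The hostname hunk sets `*al = SSL_AD_DECODE_ERROR` where the two EC hunks use `TLS1_AD_DECODE_ERROR` for the same "field already set" case; one spelling throughout would read more consistently. All of these hunks sit inside ssl_parse_clienthello_tlsext, whose body starts and ends outside them. Any other parser that stores extension data into `s->session` would presumably need the same guard, which cannot be confirmed from this page.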