generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.

Browse Source 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
This commit is contained in:
Dr. Stephen Henson 2012-01-18 18:15:27 +00:00
parent ac07bc8602
commit 855d29184e
3 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CHANGES
View File

@ -522,6 +522,14 @@
Add command line options to s_client/s_server. Add command line options to s_client/s_server.
[Steve Henson] [Steve Henson]
Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
[Antonio Martin]
Changes between 1.0.0e and 1.0.0f [4 Jan 2012] Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
*) Nadhem Alfardan and Kenny Paterson have discovered an extension *) Nadhem Alfardan and Kenny Paterson have discovered an extension
@ -1486,6 +1494,14 @@
*) Change 'Configure' script to enable Camellia by default. *) Change 'Configure' script to enable Camellia by default.
[NTT] [NTT]
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
[Antonio Martin]
Changes between 0.9.8r and 0.9.8s [4 Jan 2012] Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
*) Nadhem Alfardan and Kenny Paterson have discovered an extension *) Nadhem Alfardan and Kenny Paterson have discovered an extension

2
apps/s_client.c
View File

@ -2056,7 +2056,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
} }
#endif #endif
#ifdef SSL_DEBUG #if 1
{ {
/* Print out local port of connection: useful for debugging */ /* Print out local port of connection: useful for debugging */
int sock; int sock;

17
ssl/d1_pkt.c
View File

@ -384,6 +384,7 @@ dtls1_process_record(SSL *s)
unsigned int mac_size; unsigned int mac_size;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
int decryption_failed_or_bad_record_mac = 0; int decryption_failed_or_bad_record_mac = 0;
unsigned char *mac = NULL;
rr= &(s->s3->rrec); rr= &(s->s3->rrec);
@ -455,19 +456,15 @@ printf("\n");
#endif #endif
} }
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */ /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
if (rr->length < mac_size) if (rr->length >= mac_size)
{ {
#if 0 /* OK only for stream ciphers */ rr->length -= mac_size;
al=SSL_AD_DECODE_ERROR; mac = &rr->data[rr->length];
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
decryption_failed_or_bad_record_mac = 1;
#endif
} }
rr->length-=mac_size; else
rr->length = 0;
i=s->method->ssl3_enc->mac(s,md,0); i=s->method->ssl3_enc->mac(s,md,0);
if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
{ {
decryption_failed_or_bad_record_mac = 1; decryption_failed_or_bad_record_mac = 1;
} }