generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Matt Caswell 27c76b9b80 Fix race condition in NewSessionTicket 
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

CVE-2015-1791

This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.

Parts of this patch were inspired by this Akamai change:
c0bf69a791

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-02 09:30:31 +01:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
d1_both.c
Check the message type requested is the type received in DTLS
2015-06-01 00:30:56 +01:00
d1_clnt.c
Add more error state transitions (DTLS)
2015-05-05 20:05:21 +01:00
d1_lib.c
Fix Seg fault in DTLSv1_listen
2015-03-19 11:11:22 +00:00
d1_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
d1_pkt.c
Lost alert in DTLS
2015-05-22 09:44:44 +01:00
d1_srtp.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
d1_srvr.c
Don't allow a CCS when expecting a CertificateVerify
2015-05-13 11:21:01 +01:00
dtls1.h
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
2015-02-27 20:31:28 +00:00
heartbeat_test.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
install-ssl.com
Don't forget to install srtp.h as well
2012-05-10 15:01:26 +00:00
kssl_lcl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
kssl.c
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
kssl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
Makefile
Fix the update target and remove duplicate file updates
2015-05-23 06:25:12 +02:00
s2_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s2_enc.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s2_lib.c
Fix reachable assert in SSLv2 servers.
2015-03-19 12:58:35 +00:00
s2_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s2_pkt.c
Add length sanity check in SSLv2 n_do_ssl_write()
2015-04-29 17:23:45 +01:00
s2_srvr.c
Harden SSLv2-supporting servers against Bleichenbacher's attack.
2015-04-08 16:28:42 +02:00
s3_both.c
Sanity check the return from final_finish_mac
2015-04-30 23:21:53 +01:00
s3_cbc.c
Add sanity check in ssl3_cbc_digest_record
2015-04-30 23:21:53 +01:00
s3_clnt.c
Fix race condition in NewSessionTicket
2015-06-02 09:30:31 +01:00
s3_enc.c
Cleanse buffers
2015-03-11 10:45:23 +00:00
s3_lib.c
Remove export static DH ciphersuites
2015-05-23 00:01:45 +01:00
s3_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s3_pkt.c
Don't send an alert if we've just received one
2015-05-25 17:52:27 +01:00
s3_srvr.c
Don't allow a CCS when expecting a CertificateVerify
2015-05-13 11:21:01 +01:00
s23_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s23_lib.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s23_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s23_pkt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s23_srvr.c
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
srtp.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl2.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl3.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl23.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_algs.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_asn1.c
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
2015-02-27 20:31:28 +00:00
ssl_cert.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_ciph.c
Remove export ciphers from the DEFAULT cipher list
2015-03-07 23:02:19 +01:00
ssl_conf.c
Add support for ServerInfo SSL_CONF option.
2015-03-18 12:31:06 +00:00
ssl_err2.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_err.c
Fix race condition in NewSessionTicket
2015-06-02 09:30:31 +01:00
ssl_lib.c
Fix typo setting up certificate masks
2015-05-23 00:01:48 +01:00
ssl_locl.h
Fix race condition in NewSessionTicket
2015-06-02 09:30:31 +01:00
ssl_rsa.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_sess.c
Fix race condition in NewSessionTicket
2015-06-02 09:30:31 +01:00
ssl_stat.c
Add Error state
2015-05-05 19:50:12 +01:00
ssl_task.c
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
ssl_txt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_utst.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl-lib.com
VMS fixups for 1.0.2
2015-01-07 02:15:35 +01:00
ssl.h
Fix race condition in NewSessionTicket
2015-06-02 09:30:31 +01:00
ssltest.c
Fix ssltest to use 1024-bit DHE parameters
2015-05-26 12:42:40 +02:00
t1_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_enc.c
Sanity check EVP_CTRL_AEAD_TLS_AAD
2015-04-30 23:21:50 +01:00
t1_ext.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_lib.c
Don't check for a negative SRP extension size
2015-05-26 10:38:56 +01:00
t1_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_reneg.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_srvr.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_trce.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
tls1.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
tls_srp.c
Code style: space after 'if'
2015-04-16 13:50:01 -04:00