Loading CHANGES +7 −0 Original line number Diff line number Diff line Loading @@ -1764,6 +1764,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] Changes between 0.9.6e and 0.9.6f [XX xxx XXXX] *) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller] Changes between 0.9.6d and 0.9.6e [30 Jul 2002] *) Add various sanity checks to asn1_get_length() to reject Loading crypto/cryptlib.c +0 −8 Original line number Diff line number Diff line Loading @@ -494,11 +494,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif void OpenSSLDie(const char *file,int line,const char *assertion) { fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", file,line,assertion); abort(); } crypto/cryptlib.h +0 −4 Original line number Diff line number Diff line Loading @@ -93,10 +93,6 @@ extern "C" { #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) #define HEX_SIZE(type) ((sizeof(type)*2) /* die if we have to */ void OpenSSLDie(const char *file,int line,const char *assertion); #define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) #ifdef __cplusplus } #endif Loading ssl/s2_clnt.c +32 −9 Original line number Diff line number Diff line Loading @@ -536,7 +536,12 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; die(s->s2->conn_id_length <= sizeof s->s2->conn_id); if (s->s2->conn_id_length > sizeof s->s2->conn_id) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); return -1; } memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } Loading Loading @@ -638,7 +643,12 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ Loading @@ -646,7 +656,12 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { die(i <= sizeof sess->master_key); if (i > sizeof sess->master_key) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); Loading Loading @@ -690,7 +705,12 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ die(karg <= sizeof sess->key_arg); if (karg > sizeof sess->key_arg) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; Loading @@ -711,7 +731,11 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; die(s->s2->conn_id_length <= sizeof s->s2->conn_id); if (s->s2->conn_id_length > sizeof s->s2->conn_id) { SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; } memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; Loading Loading @@ -984,10 +1008,9 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { die(s->session->session_id_length <= sizeof s->session->session_id); if (memcmp(buf,s->session->session_id, (unsigned int)s->session->session_id_length) != 0) if ((s->session->session_id_length > sizeof s->session->session_id) || (0 != memcmp(buf, s->session->session_id, (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); Loading ssl/s2_enc.c +2 −1 Original line number Diff line number Diff line Loading @@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client) num=c->key_len; s->s2->key_material_length=num*2; ssl2_generate_key_material(s); if (ssl2_generate_key_material(s) <= 0) return 0; EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); Loading Loading
CHANGES +7 −0 Original line number Diff line number Diff line Loading @@ -1764,6 +1764,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] Changes between 0.9.6e and 0.9.6f [XX xxx XXXX] *) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller] Changes between 0.9.6d and 0.9.6e [30 Jul 2002] *) Add various sanity checks to asn1_get_length() to reject Loading
crypto/cryptlib.c +0 −8 Original line number Diff line number Diff line Loading @@ -494,11 +494,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif void OpenSSLDie(const char *file,int line,const char *assertion) { fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", file,line,assertion); abort(); }
crypto/cryptlib.h +0 −4 Original line number Diff line number Diff line Loading @@ -93,10 +93,6 @@ extern "C" { #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) #define HEX_SIZE(type) ((sizeof(type)*2) /* die if we have to */ void OpenSSLDie(const char *file,int line,const char *assertion); #define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) #ifdef __cplusplus } #endif Loading
ssl/s2_clnt.c +32 −9 Original line number Diff line number Diff line Loading @@ -536,7 +536,12 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; die(s->s2->conn_id_length <= sizeof s->s2->conn_id); if (s->s2->conn_id_length > sizeof s->s2->conn_id) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); return -1; } memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } Loading Loading @@ -638,7 +643,12 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ Loading @@ -646,7 +656,12 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { die(i <= sizeof sess->master_key); if (i > sizeof sess->master_key) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); Loading Loading @@ -690,7 +705,12 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ die(karg <= sizeof sess->key_arg); if (karg > sizeof sess->key_arg) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; Loading @@ -711,7 +731,11 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; die(s->s2->conn_id_length <= sizeof s->s2->conn_id); if (s->s2->conn_id_length > sizeof s->s2->conn_id) { SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; } memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; Loading Loading @@ -984,10 +1008,9 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { die(s->session->session_id_length <= sizeof s->session->session_id); if (memcmp(buf,s->session->session_id, (unsigned int)s->session->session_id_length) != 0) if ((s->session->session_id_length > sizeof s->session->session_id) || (0 != memcmp(buf, s->session->session_id, (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); Loading
ssl/s2_enc.c +2 −1 Original line number Diff line number Diff line Loading @@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client) num=c->key_len; s->s2->key_material_length=num*2; ssl2_generate_key_material(s); if (ssl2_generate_key_material(s) <= 0) return 0; EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); Loading
