Commit 732d31be authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files

parent f7d2f17a
+8 −0
@@ -161,6 +161,10 @@

 Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]

  *) Fix extension code to avoid race conditions which can result in a buffer
     overrun vulnerability: resumed sessions must not be modified as they can
     be shared by multiple threads. CVE-2010-3864

  *) Fix WIN32 build system to correctly link an ENGINE directory into
     a DLL. 
     [Steve Henson]
@@ -1014,6 +1018,10 @@
  
 Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]

  *) Fix extension code to avoid race conditions which can result in a buffer
     overrun vulnerability: resumed sessions must not be modified as they can
     be shared by multiple threads. CVE-2010-3864

  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
     [Steve Henson]

+6 −0
@@ -5,6 +5,12 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:

      o Fix for security issue CVE-2010-3864.
      o Fix for CVE-2010-2939
      o Fix WIN32 build system for GOST ENGINE.

  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:

      o Fix for security issue CVE-2010-1633.
+11 −2

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 2009/04/03 11:45:14 $
  ______________                           $Date: 2010/11/16 14:18:51 $

  DEVELOPMENT STATE

    o  OpenSSL 1.0.0-beta1: Released on April 1st, 2009
    o  OpenSSL 1.1.0:  Under development...
    o  OpenSSL 1.0.0b: Released on November  16th, 2010
    o  OpenSSL 1.0.0a: Released on June      1st,  2010
    o  OpenSSL 1.0.0:  Released on March     29th, 2010
    o  OpenSSL 0.9.8n: Released on March     24th, 2010
    o  OpenSSL 0.9.8m: Released on February  25th, 2010
    o  OpenSSL 0.9.8l: Released on November   5th, 2009
    o  OpenSSL 0.9.8k: Released on March     25th, 2009
    o  OpenSSL 0.9.8j: Released on January    7th, 2009
    o  OpenSSL 0.9.8i: Released on September 15th, 2008
    o  OpenSSL 0.9.8h: Released on May       28th, 2008
    o  OpenSSL 0.9.8g: Released on October   19th, 2007
    o  OpenSSL 0.9.8f: Released on October   11th, 2007
+42 −18
@@ -751,14 +751,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
				switch (servname_type)
					{
				case TLSEXT_NAMETYPE_host_name:
					if (s->session->tlsext_hostname == NULL)
					if (!s->hit)
						{
						if(s->session->tlsext_hostname)
							{
						if (len > TLSEXT_MAXLEN_host_name || 
							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
							*al = SSL_AD_DECODE_ERROR;
							return 0;
							}
						if (len > TLSEXT_MAXLEN_host_name)
							{
							*al = TLS1_AD_UNRECOGNIZED_NAME;
							return 0;
							}
						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
							{
							*al = TLS1_AD_INTERNAL_ERROR;
							return 0;
							}
						memcpy(s->session->tlsext_hostname, sdata, len);
						s->session->tlsext_hostname[len]='\0';
						if (strlen(s->session->tlsext_hostname) != len) {
@@ -771,7 +780,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in

						}
					else 
						s->servername_done = strlen(s->session->tlsext_hostname) == len 
						s->servername_done = s->session->tlsext_hostname
							&& strlen(s->session->tlsext_hostname) == len 
							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
					
					break;
@@ -802,8 +812,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (!s->hit)
				{
				if(s->session->tlsext_ecpointformatlist)
					{
					*al = TLS1_AD_DECODE_ERROR;
					return 0;
					}
				s->session->tlsext_ecpointformatlist_length = 0;
			if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
					{
					*al = TLS1_AD_INTERNAL_ERROR;
@@ -811,6 +827,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
					}
				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
				}
#if 0
			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
			sdata = s->session->tlsext_ecpointformatlist;
@@ -831,8 +848,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (!s->hit)
				{
				if(s->session->tlsext_ellipticcurvelist)
					{
					*al = TLS1_AD_DECODE_ERROR;
					return 0;
					}
				s->session->tlsext_ellipticcurvelist_length = 0;
			if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
				if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
					{
					*al = TLS1_AD_INTERNAL_ERROR;
@@ -840,6 +863,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
					}
				s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
				memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
				}
#if 0
			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
			sdata = s->session->tlsext_ellipticcurvelist;
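Review bot: The new `if (!s->hit)` guards in the host_name, ec_point_formats and elliptic_curves hunks carry the whole of the CVE-2010-3864 fix — a resumed session may be shared by other threads, so `s->session` must not be written — yet nothing in the code states that, and the sibling `if(s->session->tlsext_hostname)` test doubles as a duplicate-extension check without saying so. Suggest the same comment above each guard: `/* A resumed session (s->hit) may be shared with other threads: never modify it. On a fresh session this extension must not already be present; a repeat is a decode error. */`. The three duplicate checks also disagree on the alert spelling: the SNI case raises `SSL_AD_DECODE_ERROR` while the point-format and curve cases raise `TLS1_AD_DECODE_ERROR`, and one form should be used throughout. Whether this function can be entered a second time for the same fresh `s->session` (which would now trip the duplicate check rather than replace the list as the removed `OPENSSL_free` path did) cannot be judged from these hunks. ssl_parse_clienthello_tlsext begins and ends outside the hunks shown.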