Commit e9bbefbf authored by Matt Caswell's avatar Matt Caswell
Browse files

Go into the error state if a fatal alert is sent or received 



If an application calls SSL_shutdown after a fatal alert has occured and
then behaves different based on error codes from that function then the
application may be vulnerable to a padding oracle.

CVE-2019-1559

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent c81f1695

ssl/d1_pkt.c

+1 −0
Original line number Diff line number Diff line
@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 
            ERR_add_error_data(2, "SSL alert number ", tmp);

            s->shutdown |= SSL_RECEIVED_SHUTDOWN;

            SSL_CTX_remove_session(s->session_ctx, s->session);

            s->state = SSL_ST_ERR;

            return (0);

        } else {

            al = SSL_AD_ILLEGAL_PARAMETER;

ssl/s3_pkt.c

+7 −3
Original line number Diff line number Diff line
@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 
            ERR_add_error_data(2, "SSL alert number ", tmp);

            s->shutdown |= SSL_RECEIVED_SHUTDOWN;

            SSL_CTX_remove_session(s->session_ctx, s->session);

            s->state = SSL_ST_ERR;

            return (0);

        } else {

            al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc) 
                                          * protocol_version alerts */

    if (desc < 0)

        return -1;

    /* If a fatal one, remove from cache */

    if ((level == 2) && (s->session != NULL))

    /* If a fatal one, remove from cache and go into the error state */

    if (level == SSL3_AL_FATAL) {

        if (s->session != NULL)

            SSL_CTX_remove_session(s->session_ctx, s->session);

        s->state = SSL_ST_ERR;

    }



    s->s3->alert_dispatch = 1;

    s->s3->send_alert[0] = level;