Skip to content
  1. Jan 22, 2015
  2. Jan 13, 2015
  3. Jan 12, 2015
  4. Jan 10, 2015
  5. Jan 09, 2015
  6. Jan 08, 2015
    • Matt Caswell's avatar
      Fix build failure on Windows due to undefined cflags identifier · 5cee7238
      Matt Caswell authored
      
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit 5c5e7e1a)
      5cee7238
    • Matt Caswell's avatar
      A memory leak can occur in dtls1_buffer_record if either of the calls to · 7c6a3cf2
      Matt Caswell authored
      
      ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
      malloc failure, whilst the latter will fail if attempting to add a duplicate
      record to the queue. This should never happen because duplicate records should
      be detected and dropped before any attempt to add them to the queue.
      Unfortunately records that arrive that are for the next epoch are not being
      recorded correctly, and therefore replays are not being detected.
      Additionally, these "should not happen" failures that can occur in
      dtls1_buffer_record are not being treated as fatal and therefore an attacker
      could exploit this by sending repeated replay records for the next epoch,
      eventually causing a DoS through memory exhaustion.
      
      Thanks to Chris Mueller for reporting this issue and providing initial
      analysis and a patch. Further analysis and the final patch was performed by
      Matt Caswell from the OpenSSL development team.
      
      CVE-2015-0206
      
      Reviewed-by: default avatarDr Stephen Henson <steve@openssl.org>
      (cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862)
      7c6a3cf2
    • Dr. Stephen Henson's avatar
      Unauthenticated DH client certificate fix. · be3fb8d1
      Dr. Stephen Henson authored
      
      
      Fix to prevent use of DH client certificates without sending
      certificate verify message.
      
      If we've used a client certificate to generate the premaster secret
      ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
      never called.
      
      We can only skip the certificate verify message in
      ssl3_get_cert_verify if the client didn't send a certificate.
      
      Thanks to Karthikeyan Bhargavan for reporting this issue.
      CVE-2015-0205
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      be3fb8d1