Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Browse Source

bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files

Dr. Stephen Henson 13 years ago
parent
f7d2f17a07
commit
732d31beee
4 changed files with 67 additions and 20 deletions
Split View Show Diff Stats
  1. 8 0
      CHANGES
  2. 6 0
      NEWS
  3. 11 2
      STATUS
  4. 42 18
      ssl/t1_lib.c

+ 8 - 0
CHANGES
View File 

@@ -161,6 +161,10 @@
 
 
  Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]
 
 
+  *) Fix extension code to avoid race conditions which can result in a buffer
 
+     overrun vulnerability: resumed sessions must not be modified as they can
 
+     be shared by multiple threads. CVE-2010-3864
 
+
 
   *) Fix WIN32 build system to correctly link an ENGINE directory into
 
      a DLL. 
      [Steve Henson]
 
@@ -1014,6 +1018,10 @@
 
   
  Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
 
 
+  *) Fix extension code to avoid race conditions which can result in a buffer
 
+     overrun vulnerability: resumed sessions must not be modified as they can
 
+     be shared by multiple threads. CVE-2010-3864
 
+
 
   *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
 
      [Steve Henson]

+ 6 - 0
NEWS
View File 

@@ -5,6 +5,12 @@
 
   This file gives a brief overview of the major changes between each OpenSSL
 
   release. For more details please read the CHANGES file.
 
 
+  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
 
+
 
+      o Fix for security issue CVE-2010-3864.
 
+      o Fix for CVE-2010-2939
 
+      o Fix WIN32 build system for GOST ENGINE.
 
+
 
   Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
 
 
       o Fix for security issue CVE-2010-1633.

+ 11 - 2
STATUS
View File 

@@ -1,10 +1,19 @@
 
 
   OpenSSL STATUS                           Last modified at
 
-  ______________                           $Date: 2009/04/03 11:45:14 $
 
+  ______________                           $Date: 2010/11/16 14:18:51 $
 
 
   DEVELOPMENT STATE
 
 
-    o  OpenSSL 1.0.0-beta1: Released on April 1st, 2009
 
+    o  OpenSSL 1.1.0:  Under development...
 
+    o  OpenSSL 1.0.0b: Released on November  16th, 2010
 
+    o  OpenSSL 1.0.0a: Released on June      1st,  2010
 
+    o  OpenSSL 1.0.0:  Released on March     29th, 2010
 
+    o  OpenSSL 0.9.8n: Released on March     24th, 2010
 
+    o  OpenSSL 0.9.8m: Released on February  25th, 2010
 
+    o  OpenSSL 0.9.8l: Released on November   5th, 2009
 
+    o  OpenSSL 0.9.8k: Released on March     25th, 2009
 
+    o  OpenSSL 0.9.8j: Released on January    7th, 2009
 
+    o  OpenSSL 0.9.8i: Released on September 15th, 2008
 
     o  OpenSSL 0.9.8h: Released on May       28th, 2008
 
     o  OpenSSL 0.9.8g: Released on October   19th, 2007
 
     o  OpenSSL 0.9.8f: Released on October   11th, 2007

+ 42 - 18
ssl/t1_lib.c
View File 

@@ -751,14 +751,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 				switch (servname_type)
 
 					{
 
 				case TLSEXT_NAMETYPE_host_name:
 
-					if (s->session->tlsext_hostname == NULL)
 
+					if (!s->hit)
 
 						{
 
-						if (len > TLSEXT_MAXLEN_host_name || 
-							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
 
+						if(s->session->tlsext_hostname)
 
+							{
 
+							*al = SSL_AD_DECODE_ERROR;
 
+							return 0;
 
+							}
 
+						if (len > TLSEXT_MAXLEN_host_name)
 
 							{
 
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 
 							return 0;
 
 							}
 
+						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
 
+							{
 
+							*al = TLS1_AD_INTERNAL_ERROR;
 
+							return 0;
 
+							}
 
 						memcpy(s->session->tlsext_hostname, sdata, len);
 
 						s->session->tlsext_hostname[len]='\0';
 
 						if (strlen(s->session->tlsext_hostname) != len) {
 
@@ -771,7 +780,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 
 						}
 
 					else 
-						s->servername_done = strlen(s->session->tlsext_hostname) == len 
+						s->servername_done = s->session->tlsext_hostname
 
+							&& strlen(s->session->tlsext_hostname) == len 
 							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
 
 					
 					break;
 
@@ -802,15 +812,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 				*al = TLS1_AD_DECODE_ERROR;
 
 				return 0;
 
 				}
 
-			s->session->tlsext_ecpointformatlist_length = 0;
 
-			if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
 
-			if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
 
+			if (!s->hit)
 
 				{
 
-				*al = TLS1_AD_INTERNAL_ERROR;
 
-				return 0;
 
+				if(s->session->tlsext_ecpointformatlist)
 
+					{
 
+					*al = TLS1_AD_DECODE_ERROR;
 
+					return 0;
 
+					}
 
+				s->session->tlsext_ecpointformatlist_length = 0;
 
+				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
 
+					{
 
+					*al = TLS1_AD_INTERNAL_ERROR;
 
+					return 0;
 
+					}
 
+				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
 
+				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 
 				}
 
-			s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
 
-			memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 
 #if 0
 
 			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
 
 			sdata = s->session->tlsext_ecpointformatlist;
 
@@ -831,15 +848,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 				*al = TLS1_AD_DECODE_ERROR;
 
 				return 0;
 
 				}
 
-			s->session->tlsext_ellipticcurvelist_length = 0;
 
-			if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
 
-			if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
 
+			if (!s->hit)
 
 				{
 
-				*al = TLS1_AD_INTERNAL_ERROR;
 
-				return 0;
 
+				if(s->session->tlsext_ellipticcurvelist)
 
+					{
 
+					*al = TLS1_AD_DECODE_ERROR;
 
+					return 0;
 
+					}
 
+				s->session->tlsext_ellipticcurvelist_length = 0;
 
+				if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
 
+					{
 
+					*al = TLS1_AD_INTERNAL_ERROR;
 
+					return 0;
 
+					}
 
+				s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
 
+				memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 
 				}
 
-			s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
 
-			memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 
 #if 0
 
 			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
 
 			sdata = s->session->tlsext_ellipticcurvelist;