From 79249339a7ede8054be53d22ea30ef0c1afd68b8 Mon Sep 17 00:00:00 2001
From: Tomáš Mráz
Date: Jan 14 2010 08:57:34 +0000
Subject: - fix CVE-2009-4355 - leak in applications incorrectly calling CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling
---
diff --git a/openssl-1.0.0-beta4-cve-2009-4355.patch b/openssl-1.0.0-beta4-cve-2009-4355.patch
new file mode 100644
index 0000000..61f0cd6
--- /dev/null
+++ b/openssl-1.0.0-beta4-cve-2009-4355.patch
@@ -0,0 +1,49 @@
+Modify compression code so it frees up structures without using the
+ex_data callbacks. This works around a problem where some applications
+call CRYPTO_free_all_ex_data() before application exit (e.g. when
+restarting) then use compression (e.g. SSL with compression) later.
+This results in significant per-connection memory leaks and
+has caused some security issues including CVE-2008-1678 and
+CVE-2009-4355.
+[Steve Henson]
+diff -up openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak openssl-1.0.0-beta4/crypto/comp/c_zlib.c
+--- openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak 2008-12-13 18:19:40.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/comp/c_zlib.c 2010-01-13 22:06:20.000000000 +0100
+@@ -136,15 +136,6 @@ struct zlib_state
+
+ static int zlib_stateful_ex_idx = -1;
+
+-static void zlib_stateful_free_ex_data(void *obj, void *item,
+- CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
+- {
+- struct zlib_state *state = (struct zlib_state *)item;
+- inflateEnd(&state->istream);
+- deflateEnd(&state->ostream);
+- OPENSSL_free(state);
+- }
+-
+ static int zlib_stateful_init(COMP_CTX *ctx)
+ {
+ int err;
+@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *
+
+ static void zlib_stateful_finish(COMP_CTX *ctx)
+ {
++ struct zlib_state *state =
++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
++ zlib_stateful_ex_idx);
++ inflateEnd(&state->istream);
++ deflateEnd(&state->ostream);
++ OPENSSL_free(state);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
+ }
+
+@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
+ if (zlib_stateful_ex_idx == -1)
+ zlib_stateful_ex_idx =
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
+- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
++ 0,NULL,NULL,NULL,NULL);
+ CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
+ if (zlib_stateful_ex_idx == -1)
+ goto err;
diff --git a/openssl-1.0.0-beta4-tlsver.patch b/openssl-1.0.0-beta4-tlsver.patch
new file mode 100644
index 0000000..88282f9
--- /dev/null
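Review bot: In the rewritten `zlib_stateful_finish`, the pointer returned by `CRYPTO_get_ex_data()` is passed straight to `inflateEnd(&state->istream)` without a NULL check. `CRYPTO_get_ex_data()` returns NULL when nothing is stored at `zlib_stateful_ex_idx`, which could happen if `zlib_stateful_init` did not manage to store the state; its body is outside this hunk, so that path is an assumption to confirm. Wrapping the three cleanup calls in `if (state != NULL) { ... }` keeps the teardown safe, and a short comment such as `/* state is freed here, not via an ex_data free callback, so a global ex_data cleanup cannot leak it */` would record why the callback registered in `COMP_zlib` is now NULL.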
+++ b/openssl-1.0.0-beta4-tlsver.patch
@@ -0,0 +1,27 @@
+Fix handling of future TLS versions.
+diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver openssl-1.0.0-beta4/ssl/s23_srvr.c
+--- openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver 2010-01-12 22:20:15.000000000 +0100
++++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2010-01-13 22:02:47.000000000 +0100
+@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
+ (p[1] == SSL3_VERSION_MAJOR) &&
+ (p[5] == SSL3_MT_CLIENT_HELLO) &&
+ ((p[3] == 0 && p[4] < 5 /* silly record length? */)
+- || (p[9] == p[1])))
++ || (p[9] >= p[1])))
+ {
+ /*
+ * SSLv3 or tls1 header
+@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
+ v[1] = TLS1_VERSION_MINOR;
+ #endif
+ }
++ /* if major version number > 3 set minor to a value
++ * which will use the highest version 3 we support.
++ * If TLS 2.0 ever appears we will need to revise
++ * this....
++ */
++ else if (p[9] > SSL3_VERSION_MAJOR)
++ v[1]=0xff;
+ else
+ v[1]=p[10]; /* minor version according to client_version */
+ if (v[1] >= TLS1_VERSION_MINOR)
diff --git a/openssl.spec b/openssl.spec index 2724b5e..5afb7a7 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.18.%{beta}%{?dist} +Release: 0.19.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -73,6 +73,8 @@ Patch66: openssl-1.0.0-beta4-backports2.patch Patch67: openssl-1.0.0-beta4-reneg-scsv.patch Patch68: openssl-1.0.0-beta4-tls-comp.patch Patch69: openssl-1.0.0-beta4-aesni.patch +Patch70: openssl-1.0.0-beta4-tlsver.patch +Patch71: openssl-1.0.0-beta4-cve-2009-4355.patch License: OpenSSL Group: System Environment/Libraries
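Review bot: The sentinel `v[1]=0xff` added in the second nested hunk of `ssl23_get_client_hello` is a magic number whose meaning depends on the `if (v[1] >= TLS1_VERSION_MINOR)` test that follows it. The added comment says it selects "the highest version 3 we support", which reads ambiguously; I would word it as `/* client_version major > 3: force minor to 0xff so the >= TLS1_VERSION_MINOR check below negotiates the highest 3.x version we support */`. It would also help to state that 0xff is only a local selector and is presumably never copied into the negotiated version, which cannot be confirmed here because the function continues outside the hunk. The relaxed header test `p[9] >= p[1]` in the first nested hunk is what lets such hellos reach this branch, so the two changes should be covered together by a test with a ClientHello advertising a major version above 3.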
@@ -162,6 +164,8 @@ from other formats to the formats used by the OpenSSL toolkit. %patch67 -p1 -b .scsv %patch68 -p1 -b .tls-comp %patch69 -p1 -b .aesni +%patch70 -p1 -b .tlsver +%patch71 -p1 -b .compleak # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -410,6 +414,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Thu Jan 14 2010 Tomas Mraz 1.0.0-0.19.beta4 +- fix CVE-2009-4355 - leak in applications incorrectly calling + CRYPTO_free_all_ex_data() before application exit (#546707) +- upstream fix for future TLS protocol version handling + * Wed Jan 13 2010 Tomas Mraz 1.0.0-0.18.beta4 - add support for Intel AES-NI @@ -543,7 +552,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) -- add possibility to disable zlib by setting +- add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493) @@ -750,7 +759,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* - upgrade to new upstream version (no soname bump needed) - disable thread test - it was testing the backport of the RSA blinding - no longer needed -- added support for changing serial number to +- added support for changing serial number to Makefile.certificate (#151188) - make ca-bundle.crt a config file (#118903)