|
|
b6acb3b |
From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001
|
|
|
b6acb3b |
From: Matt Caswell <matt@openssl.org>
|
|
|
b6acb3b |
Date: Fri, 14 Dec 2018 07:28:30 +0000
|
|
|
b6acb3b |
Subject: [PATCH] Go into the error state if a fatal alert is sent or received
|
|
|
b6acb3b |
|
|
|
b6acb3b |
If an application calls SSL_shutdown after a fatal alert has occured and
|
|
|
b6acb3b |
then behaves different based on error codes from that function then the
|
|
|
b6acb3b |
application may be vulnerable to a padding oracle.
|
|
|
b6acb3b |
|
|
|
b6acb3b |
CVE-2019-1559
|
|
|
b6acb3b |
|
|
|
b6acb3b |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
b6acb3b |
---
|
|
|
b6acb3b |
ssl/d1_pkt.c | 1 +
|
|
|
b6acb3b |
ssl/s3_pkt.c | 10 +++++++---
|
|
|
b6acb3b |
2 files changed, 8 insertions(+), 3 deletions(-)
|
|
|
b6acb3b |
|
|
|
b6acb3b |
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
|
|
|
b6acb3b |
index 23aa9dbce48..c7fe97727bf 100644
|
|
|
b6acb3b |
--- a/ssl/d1_pkt.c
|
|
|
b6acb3b |
+++ b/ssl/d1_pkt.c
|
|
|
b6acb3b |
@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
|
|
b6acb3b |
ERR_add_error_data(2, "SSL alert number ", tmp);
|
|
|
b6acb3b |
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
|
|
b6acb3b |
SSL_CTX_remove_session(s->session_ctx, s->session);
|
|
|
b6acb3b |
+ s->state = SSL_ST_ERR;
|
|
|
b6acb3b |
return (0);
|
|
|
b6acb3b |
} else {
|
|
|
b6acb3b |
al = SSL_AD_ILLEGAL_PARAMETER;
|
|
|
b6acb3b |
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
|
|
|
b6acb3b |
index 6527df8ce22..830b7237a2f 100644
|
|
|
b6acb3b |
--- a/ssl/s3_pkt.c
|
|
|
b6acb3b |
+++ b/ssl/s3_pkt.c
|
|
|
b6acb3b |
@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
|
|
b6acb3b |
ERR_add_error_data(2, "SSL alert number ", tmp);
|
|
|
b6acb3b |
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
|
|
b6acb3b |
SSL_CTX_remove_session(s->session_ctx, s->session);
|
|
|
b6acb3b |
+ s->state = SSL_ST_ERR;
|
|
|
b6acb3b |
return (0);
|
|
|
b6acb3b |
} else {
|
|
|
b6acb3b |
al = SSL_AD_ILLEGAL_PARAMETER;
|
|
|
b6acb3b |
@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
|
|
|
b6acb3b |
* protocol_version alerts */
|
|
|
b6acb3b |
if (desc < 0)
|
|
|
b6acb3b |
return -1;
|
|
|
b6acb3b |
- /* If a fatal one, remove from cache */
|
|
|
b6acb3b |
- if ((level == 2) && (s->session != NULL))
|
|
|
b6acb3b |
- SSL_CTX_remove_session(s->session_ctx, s->session);
|
|
|
b6acb3b |
+ /* If a fatal one, remove from cache and go into the error state */
|
|
|
b6acb3b |
+ if (level == SSL3_AL_FATAL) {
|
|
|
b6acb3b |
+ if (s->session != NULL)
|
|
|
b6acb3b |
+ SSL_CTX_remove_session(s->session_ctx, s->session);
|
|
|
b6acb3b |
+ s->state = SSL_ST_ERR;
|
|
|
b6acb3b |
+ }
|
|
|
b6acb3b |
|
|
|
b6acb3b |
s->s3->alert_dispatch = 1;
|
|
|
b6acb3b |
s->s3->send_alert[0] = level;
|