Bug#642579: opu: package openssl/0.9.8g-15+lenny12
On Saturday 24 September 2011 07:23:32 Adam D. Barratt wrote:
> retitle 642579 opu: package openssl/0.9.8g-15+lenny13
Right, I screwed up the title; sigh.
> On Fri, 2011-09-23 at 23:29 -0500, Raphael Geissert wrote:
> > I don't have the final debdiff as of this time, but the
> > only change is upstream's fix [1]
>
> That looks sane enough. Given that it appears to have been resolved in
> the same upstream release as -3207 and -1945, it would have been nice if
> it could have been included in -4squeeze2 and -15+lenny12, which
> resolved the latter. Ah well.
I originally intended to do so, but I only had the patch for the 1.0.0 branch,
which wouldn't apply to 0.9.8. Later Kurt kindly pointed me to the commit for
the right branch, but the packages had already been built everywhere.
> > Will send the debdiff tomorrow morning on my TZ, but I wanted to give a
> > heads up because of the point release freeze deadline.
> >
> > Please let me know if it's still feasible. It ain't an urgent issue
> > anyway.
>
> It's certainly feasible for squeeze. Lenny should be doable, assuming
> the upload doesn't get delayed.
After two power failures and lots of connectivity issues, I think lenny13
should be on your hands now. Attached is the debdiff just for the sake of
completeness.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
diff -u openssl-0.9.8g/ssl/s3_srvr.c openssl-0.9.8g/ssl/s3_srvr.c
--- openssl-0.9.8g/ssl/s3_srvr.c
+++ openssl-0.9.8g/ssl/s3_srvr.c
@@ -671,9 +671,7 @@
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
{
/* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.)
- * I hope that tmp.dh is the only thing that may need to be cleared
- * when a handshake is not completed ... */
+ * which will now be aborted. (A full SSL_clear would be too much.) */
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
{
@@ -681,6 +679,13 @@
s->s3->tmp.dh = NULL;
}
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
+ {
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
+#endif
return 2;
}
return 1;
@@ -1279,7 +1284,6 @@
if (s->s3->tmp.dh != NULL)
{
- DH_free(dh);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1340,7 +1344,6 @@
if (s->s3->tmp.ecdh != NULL)
{
- EC_KEY_free(s->s3->tmp.ecdh);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1351,12 +1354,11 @@
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- if (!EC_KEY_up_ref(ecdhp))
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- ecdh = ecdhp;
s->s3->tmp.ecdh=ecdh;
if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -2210,6 +2212,12 @@
/* Get encoded point length */
i = *p;
p += 1;
+ if (n != 1 + i)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
if (EC_POINT_oct2point(group,
clnt_ecpoint, p, i, bn_ctx) == 0)
{
diff -u openssl-0.9.8g/debian/changelog openssl-0.9.8g/debian/changelog
--- openssl-0.9.8g/debian/changelog
+++ openssl-0.9.8g/debian/changelog
@@ -1,3 +1,10 @@
+openssl (0.9.8g-15+lenny13) lenny; urgency=low
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
+
+ -- Raphael Geissert <geissert@debian.org> Fri, 23 Sep 2011 23:49:25 -0500
+
openssl (0.9.8g-15+lenny12) lenny-security; urgency=high
* Non-maintainer upload by the Security Team.
only in patch2:
unchanged:
--- openssl-0.9.8g.orig/ssl/s3_lib.c
+++ openssl-0.9.8g/ssl/s3_lib.c
@@ -1722,11 +1722,17 @@
}
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
+ {
DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+ }
#endif
#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL)
+ {
EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
#endif
rp = s->s3->rbuf.buf;
Reply to: