
An OpenSSL race condition

From:  openssl-AT-master.openssl.org (OpenSSL)
To:  openssl-announce-AT-master.openssl.org, openssl-dev-AT-master.openssl.org, openssl-users-AT-master.openssl.org
Subject:  OpenSSL Security Advisory
Date:  Tue, 16 Nov 2010 16:15:55 +0100 (CET)
Message-ID:  <20101116151555.62CF91EAE8F4__20027.0804380581$1289926557$gmane$org@master.openssl.org>

OpenSSL Security Advisory [16 November 2010]

TLS extension parsing race condition.
=====================================

A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer overrun attack.

The OpenSSL security team would like to thank Rob Hulswit for reporting this
issue.

The fix was developed by Dr Stephen Henson of the OpenSSL core team.

This vulnerability is tracked as CVE-2010-3864

Who is affected?
=================

All versions of OpenSSL supporting TLS extensions contain this vulnerability
including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.

Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses
OpenSSL's internal caching mechanism. Servers that are multi-process and/or
disable internal session caching are NOT affected.

In particular the Apache HTTP server (which never uses OpenSSL internal
caching) and Stunnel (which includes its own workaround) are NOT affected.

Recommendations for users of OpenSSL
=====================================

Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.

Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release
which contains a patch to correct this issue.

If upgrading is not immediately possible, the relevant source code patch
provided in this advisory should be applied.

Patch for OpenSSL 0.9.8 releases
================================

Index: ssl/t1_lib.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.13.2.27
diff -u -r1.13.2.27 t1_lib.c
- --- ssl/t1_lib.c	12 Jun 2010 13:18:58 -0000	1.13.2.27
+++ ssl/t1_lib.c	15 Nov 2010 15:20:14 -0000
@@ -432,14 +432,23 @@
 				switch (servname_type)
 					{
 				case TLSEXT_NAMETYPE_host_name:
- -					if (s->session->tlsext_hostname == NULL)
+					if (!s->hit)
 						{
- -						if (len > TLSEXT_MAXLEN_host_name || 
- -							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+						if(s->session->tlsext_hostname)
+							{
+							*al = SSL_AD_DECODE_ERROR;
+							return 0;
+							}
+						if (len > TLSEXT_MAXLEN_host_name)
 							{
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 							}
+						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+							{
+							*al = TLS1_AD_INTERNAL_ERROR;
+							return 0;
+							}
 						memcpy(s->session->tlsext_hostname, sdata, len);
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
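
Review bot: the new `if (!s->hit)` test has no comment saying why a resumed session must skip the store, and that is the point of the change. A one-line comment above it, stating that on a session-cache hit `s->session` may be in use by other threads and must only be read here, would keep a later cleanup from restoring the old `tlsext_hostname == NULL` test. Splitting the length check from the allocation, so that an allocation failure reports `TLS1_AD_INTERNAL_ERROR` rather than `TLS1_AD_UNRECOGNIZED_NAME`, is a good change.
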
@@ -452,7 +461,8 @@
 
 						}
 					else 
- -						s->servername_done = strlen(s->session->tlsext_hostname) == len 
+						s->servername_done = s->session->tlsext_hostname
+							&& strlen(s->session->tlsext_hostname) == len 
 							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
 					
 					break;
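
Review bot: in the `else` branch, a resumed session that was stored without a host name now leaves `s->servername_done` at 0 even when the client sends a name, so the name is silently ignored rather than rejected; a comment saying this is intended would help. The added test could also be written `s->session->tlsext_hostname != NULL` to match the explicit `== NULL` comparison used in the hunk above.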

Patch for OpenSSL 1.0.0 releases
================================

Index: ssl/t1_lib.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.64.2.14
diff -u -r1.64.2.14 t1_lib.c
- --- ssl/t1_lib.c	15 Jun 2010 17:25:15 -0000	1.64.2.14
+++ ssl/t1_lib.c	15 Nov 2010 15:26:19 -0000
@@ -714,14 +714,23 @@
 				switch (servname_type)
 					{
 				case TLSEXT_NAMETYPE_host_name:
- -					if (s->session->tlsext_hostname == NULL)
+					if (!s->hit)
 						{
- -						if (len > TLSEXT_MAXLEN_host_name || 
- -							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+						if(s->session->tlsext_hostname)
+							{
+							*al = SSL_AD_DECODE_ERROR;
+							return 0;
+							}
+						if (len > TLSEXT_MAXLEN_host_name)
 							{
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 							}
+						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+							{
+							*al = TLS1_AD_INTERNAL_ERROR;
+							return 0;
+							}
 						memcpy(s->session->tlsext_hostname, sdata, len);
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
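
Review bot: the alert for an already-set host name is spelled `SSL_AD_DECODE_ERROR` here, while the two alerts that follow it use the `TLS1_AD_` prefix and the elliptic-curve hunks later in this same patch use `TLS1_AD_DECODE_ERROR` for the equivalent case. Pick one spelling, preferably `TLS1_AD_DECODE_ERROR`, and add a space after `if` in `if(s->session->tlsext_hostname)` to match the surrounding lines.
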
@@ -734,7 +743,8 @@
 
 						}
 					else 
- -						s->servername_done = strlen(s->session->tlsext_hostname) == len 
+						s->servername_done = s->session->tlsext_hostname
+							&& strlen(s->session->tlsext_hostname) == len 
 							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
 					
 					break;
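
Review bot: the `else` now controls a three-line expression without braces, directly after a braced `if` block. Wrapping the assignment to `s->servername_done` in braces would make it harder to misread when another condition is added to the chain.
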
@@ -765,15 +775,22 @@
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;
 				}
- -			s->session->tlsext_ecpointformatlist_length = 0;
- -			if (s->session->tlsext_ecpointformatlist != NULL)
OPENSSL_free(s->session->tlsext_ecpointformatlist);
- -			if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) ==
NULL)
+			if (!s->hit)
 				{
- -				*al = TLS1_AD_INTERNAL_ERROR;
- -				return 0;
+				if(s->session->tlsext_ecpointformatlist)
+					{
+					*al = TLS1_AD_DECODE_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ecpointformatlist_length = 0;
+				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) ==
NULL)
+					{
+					*al = TLS1_AD_INTERNAL_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 				}
- -			s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
- -			memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 #if 0
 			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i)
", s->session->tlsext_ecpointformatlist_length);
 			sdata = s->session->tlsext_ecpointformatlist;
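
Review bot: inside the new `if (!s->hit)` block, `s->session->tlsext_ecpointformatlist_length = 0;` runs immediately after the code has established that the list pointer is NULL, so it reads as a leftover from the removed free-and-replace sequence. Either drop it or add a comment saying it keeps the length consistent if `OPENSSL_malloc` fails. The `#if 0` debug block that follows also reads `s->session->tlsext_ecpointformatlist` unconditionally, which on a resumed session is no longer the list from this ClientHello.
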
@@ -794,15 +811,22 @@
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;
 				}
- -			s->session->tlsext_ellipticcurvelist_length = 0;
- -			if (s->session->tlsext_ellipticcurvelist != NULL)
OPENSSL_free(s->session->tlsext_ellipticcurvelist);
- -			if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) ==
NULL)
+			if (!s->hit)
 				{
- -				*al = TLS1_AD_INTERNAL_ERROR;
- -				return 0;
+				if(s->session->tlsext_ellipticcurvelist)
+					{
+					*al = TLS1_AD_DECODE_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ellipticcurvelist_length = 0;
+				if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) ==
NULL)
+					{
+					*al = TLS1_AD_INTERNAL_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
+				memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 				}
- -			s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
- -			memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 #if 0
 			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i)
", s->session->tlsext_ellipticcurvelist_length);
 			sdata = s->session->tlsext_ellipticcurvelist;
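
Review bot: the block added under `if (!s->hit)` repeats the point-format hunk line for line with only the field name changed (`tlsext_ellipticcurvelist` for `tlsext_ecpointformatlist`). A small static helper taking the destination pointer, the length field, `sdata` and the length would keep the duplicate check, the allocation and the copy in one place, so that a later fix cannot be applied to one list and missed on the other.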


References
===========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20101116.txt


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Announcement Mailing List                 openssl-announce@openssl.org
Automated List Manager                           majordomo@openssl.org
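
A reduced model of the server_name branch before and after the patch, added here as an illustration; it is not OpenSSL code and not part of the advisory. The names `session`, `conn`, `sni_old`, `sni_fixed` and the limit `MAXLEN` are hypothetical stand-ins for the `SSL_SESSION` field, the `s->hit` flag and `TLSEXT_MAXLEN_host_name` used in the patch. It shows that only the pre-patch logic lets a resumed handshake write to a session object held in the cache.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAXLEN 255  /* constructed stand-in for TLSEXT_MAXLEN_host_name */
enum result { STORED, MATCHED, NO_MATCH, REJECTED };
struct session { char *hostname; };              /* shared via the session cache */
struct conn { struct session *sess; int hit; };  /* hit = 1: resumed session */

static int store(struct session *s, const char *name, size_t len) {
    if ((s->hostname = malloc(len + 1)) == NULL)
        return 0;
    memcpy(s->hostname, name, len);
    s->hostname[len] = '\0';
    return 1;
}
static int same(const struct session *s, const char *name, size_t len) {
    return s->hostname && strlen(s->hostname) == len && strncmp(s->hostname, name, len) == 0;
}

/* Pre-patch model: the write is gated only on the field being NULL. */
enum result sni_old(struct conn *c, const char *name, size_t len) {
    if (c->sess->hostname == NULL)
        return (len <= MAXLEN && store(c->sess, name, len)) ? STORED : REJECTED;
    return same(c->sess, name, len) ? MATCHED : NO_MATCH;
}

/* Patched model: a resumed session (hit) is compared, never modified. */
enum result sni_fixed(struct conn *c, const char *name, size_t len) {
    if (c->hit)
        return same(c->sess, name, len) ? MATCHED : NO_MATCH;
    if (c->sess->hostname != NULL || len > MAXLEN)
        return REJECTED;  /* new session: the field is written at most once */
    return store(c->sess, name, len) ? STORED : REJECTED;
}

/* Returns 1 if a resumed handshake wrote to the cached session object. */
int resumed_handshake_writes(enum result (*parse)(struct conn *, const char *, size_t)) {
    struct session cached = { NULL };  /* constructed: cached without a hostname */
    struct conn c = { &cached, 1 };
    parse(&c, "example.test", 12);
    int wrote = cached.hostname != NULL;
    free(cached.hostname);
    return wrote;
}

int main(void) {
    printf("old: %d fixed: %d\n", resumed_handshake_writes(sni_old), resumed_handshake_writes(sni_fixed));
    return 0;
}
```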




An OpenSSL race condition

Posted Nov 17, 2010 18:49 UTC (Wed) by branden (guest, #7029) [Link]

Evidently, Rob Hulswit reported this issue to a mailing list the OpenSSL core team actually reads.

