bump to openssl-1.0.1g
Change-Id: I1e0ee6aa3d136c75309c5c70011da787806efa1f
parent
a341680395
commit
ccd048fa17
@ -98,7 +98,7 @@ export MYTHES_TARBALL := 46e92b68e31e858512b680b3b61dc4c1-mythes-1.2.3.tar.gz
|
||||
export NEON_TARBALL := ff369e69ef0f0143beb5626164e87ae2-neon-0.29.5.tar.gz
|
||||
export NSS_TARBALL := 06beb053e257d9e22641339c905c6eba-nss-3.15.3-with-nspr-4.10.2.tar.gz
|
||||
export OPENLDAP_TARBALL := 804c6cb5698db30b75ad0ff1c25baefd-openldap-2.4.31.tgz
|
||||
export OPENSSL_TARBALL := 66bf6f10f060d561929de96f9dfe5b8c-openssl-1.0.1e.tar.gz
|
||||
export OPENSSL_TARBALL := de62b43dfcd858e66a74bee1c834e959-openssl-1.0.1g.tar.gz
|
||||
export ORCUS_TARBALL := 7681383be6ce489d84c1c74f4e7f9643-liborcus-0.7.0.tar.bz2
|
||||
export PIXMAN_TARBALL := c63f411b3ad147db2bcce1bf262a0e02-pixman-0.24.4.tar.bz2
|
||||
export PNG_TARBALL := 9e5d864bce8f06751bbd99962ecf4aad-libpng-1.5.10.tar.gz
|
||||
|
108
external/openssl/CVE-2014-0160.patch
@ -1,108 +0,0 @@
|
||||
From: Dr. Stephen Henson <steve@openssl.org>
|
||||
Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
|
||||
Subject: Add heartbeat extension bounds check.
|
||||
X-Git-Tag: OpenSSL_1_0_1g~3
|
||||
X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=96db902
|
||||
|
||||
Add heartbeat extension bounds check.
|
||||
|
||||
A missing bounds check in the handling of the TLS heartbeat extension
|
||||
can be used to reveal up to 64k of memory to a connected client or
|
||||
server.
|
||||
|
||||
Thanks for Neel Mehta of Google Security for discovering this bug and to
|
||||
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
|
||||
preparing the fix (CVE-2014-0160)
|
||||
---
|
||||
|
||||
diff --git a/a/ssl/d1_both.c b/ssl/d1_both.c
|
||||
index 7a5596a..2e8cf68 100644
|
||||
--- a/a/ssl/d1_both.c
|
||||
+++ a/b/ssl/d1_both.c
|
||||
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
|
||||
unsigned int payload;
|
||||
unsigned int padding = 16; /* Use minimum padding */
|
||||
|
||||
- /* Read type and payload length first */
|
||||
- hbtype = *p++;
|
||||
- n2s(p, payload);
|
||||
- pl = p;
|
||||
-
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
|
||||
&s->s3->rrec.data[0], s->s3->rrec.length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
+ /* Read type and payload length first */
|
||||
+ if (1 + 2 + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard */
|
||||
+ hbtype = *p++;
|
||||
+ n2s(p, payload);
|
||||
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard per RFC 6520 sec. 4 */
|
||||
+ pl = p;
|
||||
+
|
||||
if (hbtype == TLS1_HB_REQUEST)
|
||||
{
|
||||
unsigned char *buffer, *bp;
|
||||
+ unsigned int write_length = 1 /* heartbeat type */ +
|
||||
+ 2 /* heartbeat length */ +
|
||||
+ payload + padding;
|
||||
int r;
|
||||
|
||||
+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
|
||||
+ return 0;
|
||||
+
|
||||
/* Allocate memory for the response, size is 1 byte
|
||||
* message type, plus 2 bytes payload length, plus
|
||||
* payload, plus padding
|
||||
*/
|
||||
- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
|
||||
+ buffer = OPENSSL_malloc(write_length);
|
||||
bp = buffer;
|
||||
|
||||
/* Enter response type, length and copy payload */
|
||||
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
|
||||
/* Random padding */
|
||||
RAND_pseudo_bytes(bp, padding);
|
||||
|
||||
- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
|
||||
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
|
||||
|
||||
if (r >= 0 && s->msg_callback)
|
||||
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
|
||||
- buffer, 3 + payload + padding,
|
||||
+ buffer, write_length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
OPENSSL_free(buffer);
|
||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||
index b82fada..bddffd9 100644
|
||||
--- a/a/ssl/t1_lib.c
|
||||
+++ a/b/ssl/t1_lib.c
|
||||
@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
|
||||
unsigned int payload;
|
||||
unsigned int padding = 16; /* Use minimum padding */
|
||||
|
||||
- /* Read type and payload length first */
|
||||
- hbtype = *p++;
|
||||
- n2s(p, payload);
|
||||
- pl = p;
|
||||
-
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
|
||||
&s->s3->rrec.data[0], s->s3->rrec.length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
+ /* Read type and payload length first */
|
||||
+ if (1 + 2 + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard */
|
||||
+ hbtype = *p++;
|
||||
+ n2s(p, payload);
|
||||
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard per RFC 6520 sec. 4 */
|
||||
+ pl = p;
|
||||
+
|
||||
if (hbtype == TLS1_HB_REQUEST)
|
||||
{
|
||||
unsigned char *buffer, *bp;
|
1
external/openssl/UnpackedTarball_openssl.mk
@ -91,7 +91,6 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,openssl,\
|
||||
))
|
||||
|
||||
$(eval $(call gb_UnpackedTarball_add_patches,openssl,\
|
||||
external/openssl/CVE-2014-0160.patch \
|
||||
$(if $(filter LINUX FREEBSD ANDROID,$(OS)),external/openssl/openssllnx.patch) \
|
||||
$(if $(filter WNTGCC,$(OS)$(COM)),external/openssl/opensslmingw.patch) \
|
||||
$(if $(filter MSC,$(COM)),external/openssl/opensslwnt.patch) \
|
||||
|