From owner-svn-src-releng@freebsd.org  Wed Nov  2 07:23:21 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 710EEC2BFBC;
 Wed,  2 Nov 2016 07:23:21 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 01A401926;
 Wed,  2 Nov 2016 07:23:20 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uA27NKVw078267;
 Wed, 2 Nov 2016 07:23:20 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id uA27NJN0078264;
 Wed, 2 Nov 2016 07:23:19 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201611020723.uA27NJN0078264@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 2 Nov 2016 07:23:19 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r308202 - in releng/11.0: . crypto/openssh sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 07:23:21 -0000

Author: delphij
Date: Wed Nov  2 07:23:19 2016
New Revision: 308202
URL: https://svnweb.freebsd.org/changeset/base/308202

Log:
  Fix Fix OpenSSH remote Denial of Service vulnerability.
  
  Security:	FreeBSD-SA-16:33.openssh
  Approved by:	so

Modified:
  releng/11.0/UPDATING
  releng/11.0/crypto/openssh/kex.c
  releng/11.0/sys/conf/newvers.sh

Modified: releng/11.0/UPDATING
==============================================================================
--- releng/11.0/UPDATING	Wed Nov  2 07:18:27 2016	(r308201)
+++ releng/11.0/UPDATING	Wed Nov  2 07:23:19 2016	(r308202)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.
 
+20161102	p3	FreeBSD-SA-16:33.openssh
+
+	Fix Fix OpenSSH remote Denial of Service vulnerability.
+
 20161025	p2	FreeBSD-SA-16:15.sysarch [revised]
 			FreeBSD-SA-16:32.bhyve
 

Modified: releng/11.0/crypto/openssh/kex.c
==============================================================================
--- releng/11.0/crypto/openssh/kex.c	Wed Nov  2 07:18:27 2016	(r308201)
+++ releng/11.0/crypto/openssh/kex.c	Wed Nov  2 07:23:19 2016	(r308202)
@@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se
 	if (kex == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
 
+	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
 	ptr = sshpkt_ptr(ssh, &dlen);
 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
 		return r;

Modified: releng/11.0/sys/conf/newvers.sh
==============================================================================
--- releng/11.0/sys/conf/newvers.sh	Wed Nov  2 07:18:27 2016	(r308201)
+++ releng/11.0/sys/conf/newvers.sh	Wed Nov  2 07:23:19 2016	(r308202)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="11.0"
-BRANCH="RELEASE-p2"
+BRANCH="RELEASE-p3"
 if [ -n "${BRANCH_OVERRIDE}" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

From owner-svn-src-releng@freebsd.org  Wed Nov  2 07:23:39 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 25365C2A004;
 Wed,  2 Nov 2016 07:23:39 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9818D1B60;
 Wed,  2 Nov 2016 07:23:38 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uA27Nb83078328;
 Wed, 2 Nov 2016 07:23:37 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id uA27NaTu078319;
 Wed, 2 Nov 2016 07:23:36 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201611020723.uA27NaTu078319@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 2 Nov 2016 07:23:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r308203 - in releng/10.3: . crypto/openssh
 crypto/openssl/ssl sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 07:23:39 -0000

Author: delphij
Date: Wed Nov  2 07:23:36 2016
New Revision: 308203
URL: https://svnweb.freebsd.org/changeset/base/308203

Log:
  Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33]
  
  Fix OpenSSL remote DoS vulnerability. [SA-16:35]
  
  Security:	FreeBSD-SA-16:33.openssh
  Security:	FreeBSD-SA-16:35.openssl
  Approved by:	so

Modified:
  releng/10.3/UPDATING
  releng/10.3/crypto/openssh/kex.c
  releng/10.3/crypto/openssl/ssl/d1_pkt.c
  releng/10.3/crypto/openssl/ssl/s3_pkt.c
  releng/10.3/crypto/openssl/ssl/ssl.h
  releng/10.3/crypto/openssl/ssl/ssl3.h
  releng/10.3/crypto/openssl/ssl/ssl_locl.h
  releng/10.3/sys/conf/newvers.sh

Modified: releng/10.3/UPDATING
==============================================================================
--- releng/10.3/UPDATING	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/UPDATING	Wed Nov  2 07:23:36 2016	(r308203)
@@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20161102	p12	FreeBSD-SA-16:33.openssh
+			FreeBSD-SA-16:35.openssl
+
+	Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33]
+
+	Fix OpenSSL remote DoS vulnerability. [SA-16:35]
+
 20161025	p11	FreeBSD-SA-16:15.sysarch [revised]
 			FreeBSD-EN-16:17.vm
 

Modified: releng/10.3/crypto/openssh/kex.c
==============================================================================
--- releng/10.3/crypto/openssh/kex.c	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/crypto/openssh/kex.c	Wed Nov  2 07:23:36 2016	(r308203)
@@ -468,6 +468,7 @@ kex_input_kexinit(int type, u_int32_t se
 	if (kex == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
 
+	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
 	ptr = sshpkt_ptr(ssh, &dlen);
 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
 		return r;

Modified: releng/10.3/crypto/openssl/ssl/d1_pkt.c
==============================================================================
--- releng/10.3/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:23:36 2016	(r308203)
@@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u
         goto start;
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u
 
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 #ifndef OPENSSL_NO_SCTP
                 /*

Modified: releng/10.3/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/10.3/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:23:36 2016	(r308203)
@@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un
             return (ret);
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un
 
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
                 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                 return (0);

Modified: releng/10.3/crypto/openssl/ssl/ssl.h
==============================================================================
--- releng/10.3/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:23:36 2016	(r308203)
@@ -2717,6 +2717,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLS_HEARTBEAT_PENDING                      366
 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235

Modified: releng/10.3/crypto/openssl/ssl/ssl3.h
==============================================================================
--- releng/10.3/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:23:36 2016	(r308203)
@@ -587,6 +587,8 @@ typedef struct ssl3_state_st {
     char is_probably_safari;
 #   endif                       /* !OPENSSL_NO_EC */
 #  endif                        /* !OPENSSL_NO_TLSEXT */
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
 } SSL3_STATE;
 
 # endif

Modified: releng/10.3/crypto/openssl/ssl/ssl_locl.h
==============================================================================
--- releng/10.3/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:23:36 2016	(r308203)
@@ -389,6 +389,8 @@
  */
 # define SSL_MAX_DIGEST 6
 
+# define MAX_WARN_ALERT_COUNT    5
+
 # define TLS1_PRF_DGST_MASK      (0xff << TLS1_PRF_DGST_SHIFT)
 
 # define TLS1_PRF_DGST_SHIFT 10

Modified: releng/10.3/sys/conf/newvers.sh
==============================================================================
--- releng/10.3/sys/conf/newvers.sh	Wed Nov  2 07:23:19 2016	(r308202)
+++ releng/10.3/sys/conf/newvers.sh	Wed Nov  2 07:23:36 2016	(r308203)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.3"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

From owner-svn-src-releng@freebsd.org  Wed Nov  2 07:24:17 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C710BC2A079;
 Wed,  2 Nov 2016 07:24:17 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8E8021F3C;
 Wed,  2 Nov 2016 07:24:17 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uA27OGQl078407;
 Wed, 2 Nov 2016 07:24:16 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id uA27OF22078392;
 Wed, 2 Nov 2016 07:24:15 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201611020724.uA27OF22078392@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 2 Nov 2016 07:24:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r308204 - in releng: 10.1 10.1/crypto/openssl/ssl
 10.1/sys/conf 10.2 10.2/crypto/openssl/ssl 10.2/sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 07:24:18 -0000

Author: delphij
Date: Wed Nov  2 07:24:14 2016
New Revision: 308204
URL: https://svnweb.freebsd.org/changeset/base/308204

Log:
  Fix OpenSSL remote DoS vulnerability. [SA-16:35]
  
  Security:	FreeBSD-SA-16:35.openssl
  Approved by:	so

Modified:
  releng/10.1/UPDATING
  releng/10.1/crypto/openssl/ssl/d1_pkt.c
  releng/10.1/crypto/openssl/ssl/s3_pkt.c
  releng/10.1/crypto/openssl/ssl/ssl.h
  releng/10.1/crypto/openssl/ssl/ssl3.h
  releng/10.1/crypto/openssl/ssl/ssl_locl.h
  releng/10.1/sys/conf/newvers.sh
  releng/10.2/UPDATING
  releng/10.2/crypto/openssl/ssl/d1_pkt.c
  releng/10.2/crypto/openssl/ssl/s3_pkt.c
  releng/10.2/crypto/openssl/ssl/ssl.h
  releng/10.2/crypto/openssl/ssl/ssl3.h
  releng/10.2/crypto/openssl/ssl/ssl_locl.h
  releng/10.2/sys/conf/newvers.sh

Modified: releng/10.1/UPDATING
==============================================================================
--- releng/10.1/UPDATING	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.1/UPDATING	Wed Nov  2 07:24:14 2016	(r308204)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20161102	p42	FreeBSD-SA-16:35.openssl
+
+	Fix OpenSSL remote DoS vulnerability. [SA-16:35]
+
 20161025	p41	FreeBSD-SA-16:15.sysarch [revised]
 
 	Fix incorrect argument validation in sysarch(2). [SA-16:15]

Modified: releng/10.1/crypto/openssl/ssl/d1_pkt.c
==============================================================================
--- releng/10.1/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.1/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:24:14 2016	(r308204)
@@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u
         goto start;
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u
 
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 #ifndef OPENSSL_NO_SCTP
                 /*

Modified: releng/10.1/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/10.1/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.1/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:24:14 2016	(r308204)
@@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un
             return (ret);
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un
 
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
                 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                 return (0);

Modified: releng/10.1/crypto/openssl/ssl/ssl.h
==============================================================================
--- releng/10.1/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.1/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:24:14 2016	(r308204)
@@ -2713,6 +2713,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLS_HEARTBEAT_PENDING                      366
 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235

Modified: releng/10.1/crypto/openssl/ssl/ssl3.h
==============================================================================
--- releng/10.1/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.1/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:24:14 2016	(r308204)
@@ -585,6 +585,8 @@ typedef struct ssl3_state_st {
     char is_probably_safari;
 #   endif                       /* !OPENSSL_NO_EC */
 #  endif                        /* !OPENSSL_NO_TLSEXT */
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
 } SSL3_STATE;
 
 # endif

Modified: releng/10.1/crypto/openssl/ssl/ssl_locl.h
==============================================================================
--- releng/10.1/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.1/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:24:14 2016	(r308204)
@@ -389,6 +389,8 @@
  */
 # define SSL_MAX_DIGEST 6
 
+# define MAX_WARN_ALERT_COUNT    5
+
 # define TLS1_PRF_DGST_MASK      (0xff << TLS1_PRF_DGST_SHIFT)
 
 # define TLS1_PRF_DGST_SHIFT 10

Modified: releng/10.1/sys/conf/newvers.sh
==============================================================================
--- releng/10.1/sys/conf/newvers.sh	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.1/sys/conf/newvers.sh	Wed Nov  2 07:24:14 2016	(r308204)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.1"
-BRANCH="RELEASE-p41"
+BRANCH="RELEASE-p42"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/10.2/UPDATING
==============================================================================
--- releng/10.2/UPDATING	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.2/UPDATING	Wed Nov  2 07:24:14 2016	(r308204)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20161102	p25	FreeBSD-SA-16:35.openssl
+
+	Fix OpenSSL remote DoS vulnerability. [SA-16:35]
+
 20161025	p24	FreeBSD-SA-16:15.sysarch [revised]
 
 	Fix incorrect argument validation in sysarch(2). [SA-16:15]

Modified: releng/10.2/crypto/openssl/ssl/d1_pkt.c
==============================================================================
--- releng/10.2/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.2/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:24:14 2016	(r308204)
@@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u
         goto start;
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u
 
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 #ifndef OPENSSL_NO_SCTP
                 /*

Modified: releng/10.2/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/10.2/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.2/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:24:14 2016	(r308204)
@@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un
             return (ret);
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un
 
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
                 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                 return (0);

Modified: releng/10.2/crypto/openssl/ssl/ssl.h
==============================================================================
--- releng/10.2/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.2/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:24:14 2016	(r308204)
@@ -2713,6 +2713,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLS_HEARTBEAT_PENDING                      366
 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235

Modified: releng/10.2/crypto/openssl/ssl/ssl3.h
==============================================================================
--- releng/10.2/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.2/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:24:14 2016	(r308204)
@@ -585,6 +585,8 @@ typedef struct ssl3_state_st {
     char is_probably_safari;
 #   endif                       /* !OPENSSL_NO_EC */
 #  endif                        /* !OPENSSL_NO_TLSEXT */
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
 } SSL3_STATE;
 
 # endif

Modified: releng/10.2/crypto/openssl/ssl/ssl_locl.h
==============================================================================
--- releng/10.2/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.2/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:24:14 2016	(r308204)
@@ -389,6 +389,8 @@
  */
 # define SSL_MAX_DIGEST 6
 
+# define MAX_WARN_ALERT_COUNT    5
+
 # define TLS1_PRF_DGST_MASK      (0xff << TLS1_PRF_DGST_SHIFT)
 
 # define TLS1_PRF_DGST_SHIFT 10

Modified: releng/10.2/sys/conf/newvers.sh
==============================================================================
--- releng/10.2/sys/conf/newvers.sh	Wed Nov  2 07:23:36 2016	(r308203)
+++ releng/10.2/sys/conf/newvers.sh	Wed Nov  2 07:24:14 2016	(r308204)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.2"
-BRANCH="RELEASE-p24"
+BRANCH="RELEASE-p25"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

From owner-svn-src-releng@freebsd.org  Wed Nov  2 07:24:36 2016
Return-Path: <owner-svn-src-releng@freebsd.org>
Delivered-To: svn-src-releng@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5EEAC2A0FD;
 Wed,  2 Nov 2016 07:24:36 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7894D1269;
 Wed,  2 Nov 2016 07:24:36 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uA27OZhL078469;
 Wed, 2 Nov 2016 07:24:35 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id uA27OYtu078461;
 Wed, 2 Nov 2016 07:24:34 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201611020724.uA27OYtu078461@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 2 Nov 2016 07:24:34 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r308205 - in releng/9.3: . contrib/bind9/lib/dns
 crypto/openssl/ssl sys/conf
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-releng>, 
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 07:24:36 -0000

Author: delphij
Date: Wed Nov  2 07:24:34 2016
New Revision: 308205
URL: https://svnweb.freebsd.org/changeset/base/308205

Log:
  Fix BIND remote Denial of Service vulnerability. [SA-16:34]
  
  Fix OpenSSL remote DoS vulnerability. [SA-16:35]
  
  Security:	FreeBSD-SA-16:34.bind
  Security:	FreeBSD-SA-16:35.openssl
  Approved by:	so

Modified:
  releng/9.3/UPDATING
  releng/9.3/contrib/bind9/lib/dns/resolver.c
  releng/9.3/crypto/openssl/ssl/d1_pkt.c
  releng/9.3/crypto/openssl/ssl/s3_pkt.c
  releng/9.3/crypto/openssl/ssl/ssl.h
  releng/9.3/crypto/openssl/ssl/ssl3.h
  releng/9.3/crypto/openssl/ssl/ssl_locl.h
  releng/9.3/sys/conf/newvers.sh

Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/UPDATING	Wed Nov  2 07:24:34 2016	(r308205)
@@ -11,6 +11,13 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20161102	p50	FreeBSD-SA-16:34.bind
+			FreeBSD-SA-16:35.openssl
+
+	Fix BIND remote Denial of Service vulnerability. [SA-16:34]
+
+	Fix OpenSSL remote DoS vulnerability. [SA-16:35]
+
 20161025	p49	FreeBSD-SA-16:15.sysarch [revised]
 
 	Fix incorrect argument validation in sysarch(2). [SA-16:15]

Modified: releng/9.3/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- releng/9.3/contrib/bind9/lib/dns/resolver.c	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/contrib/bind9/lib/dns/resolver.c	Wed Nov  2 07:24:34 2016	(r308205)
@@ -524,7 +524,9 @@ valcreate(fetchctx_t *fctx, dns_adbaddri
 	valarg->addrinfo = addrinfo;
 
 	if (!ISC_LIST_EMPTY(fctx->validators))
-		INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
+		valoptions |= DNS_VALIDATOR_DEFER;
+	else
+		valoptions &= ~DNS_VALIDATOR_DEFER;
 
 	result = dns_validator_create(fctx->res->view, name, type, rdataset,
 				      sigrdataset, fctx->rmessage,
@@ -4849,13 +4851,6 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 							   rdataset,
 							   sigrdataset,
 							   valoptions, task);
-					/*
-					 * Defer any further validations.
-					 * This prevents multiple validators
-					 * from manipulating fctx->rmessage
-					 * simultaneously.
-					 */
-					valoptions |= DNS_VALIDATOR_DEFER;
 				}
 			} else if (CHAINING(rdataset)) {
 				if (rdataset->type == dns_rdatatype_cname)
@@ -4961,6 +4956,11 @@ cache_name(fetchctx_t *fctx, dns_name_t 
 				       eresult == DNS_R_NCACHENXRRSET);
 			}
 			event->result = eresult;
+			if (adbp != NULL && *adbp != NULL) {
+				if (anodep != NULL && *anodep != NULL)
+					dns_db_detachnode(*adbp, anodep);
+				dns_db_detach(adbp);
+			}
 			dns_db_attach(fctx->cache, adbp);
 			dns_db_transfernode(fctx->cache, &node, anodep);
 			clone_results(fctx);
@@ -5208,6 +5208,11 @@ ncache_message(fetchctx_t *fctx, dns_adb
 		fctx->attributes |= FCTX_ATTR_HAVEANSWER;
 		if (event != NULL) {
 			event->result = eresult;
+			if (adbp != NULL && *adbp != NULL) {
+				if (anodep != NULL && *anodep != NULL)
+					dns_db_detachnode(*adbp, anodep);
+				dns_db_detach(adbp);
+			}
 			dns_db_attach(fctx->cache, adbp);
 			dns_db_transfernode(fctx->cache, &node, anodep);
 			clone_results(fctx);
@@ -6016,13 +6021,15 @@ static isc_result_t
 answer_response(fetchctx_t *fctx) {
 	isc_result_t result;
 	dns_message_t *message;
-	dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
+	dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name;
+	dns_name_t *cname = NULL;
 	dns_rdataset_t *rdataset, *ns_rdataset;
 	isc_boolean_t done, external, chaining, aa, found, want_chaining;
-	isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
+	isc_boolean_t have_answer, found_cname, found_dname, found_type;
+	isc_boolean_t wanted_chaining;
 	unsigned int aflag;
 	dns_rdatatype_t type;
-	dns_fixedname_t fdname, fqname;
+	dns_fixedname_t fdname, fqname, fqdname;
 	dns_view_t *view;
 
 	FCTXTRACE("answer_response");
@@ -6036,6 +6043,7 @@ answer_response(fetchctx_t *fctx) {
 
 	done = ISC_FALSE;
 	found_cname = ISC_FALSE;
+	found_dname = ISC_FALSE;
 	found_type = ISC_FALSE;
 	chaining = ISC_FALSE;
 	have_answer = ISC_FALSE;
@@ -6045,12 +6053,13 @@ answer_response(fetchctx_t *fctx) {
 		aa = ISC_TRUE;
 	else
 		aa = ISC_FALSE;
-	qname = &fctx->name;
+	dqname = qname = &fctx->name;
 	type = fctx->type;
 	view = fctx->res->view;
+	dns_fixedname_init(&fqdname);
 	result = dns_message_firstname(message, DNS_SECTION_ANSWER);
 	while (!done && result == ISC_R_SUCCESS) {
-		dns_namereln_t namereln;
+		dns_namereln_t namereln, dnamereln;
 		int order;
 		unsigned int nlabels;
 
@@ -6058,6 +6067,8 @@ answer_response(fetchctx_t *fctx) {
 		dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
 		external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
 		namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
+		dnamereln = dns_name_fullcompare(dqname, name, &order,
+						 &nlabels);
 		if (namereln == dns_namereln_equal) {
 			wanted_chaining = ISC_FALSE;
 			for (rdataset = ISC_LIST_HEAD(name->list);
@@ -6152,7 +6163,7 @@ answer_response(fetchctx_t *fctx) {
 					}
 				} else if (rdataset->type == dns_rdatatype_rrsig
 					   && rdataset->covers ==
-					   dns_rdatatype_cname
+					      dns_rdatatype_cname
 					   && !found_type) {
 					/*
 					 * We're looking for something else,
@@ -6182,11 +6193,18 @@ answer_response(fetchctx_t *fctx) {
 						 * a CNAME or DNAME).
 						 */
 						INSIST(!external);
-						if (aflag ==
-						    DNS_RDATASETATTR_ANSWER) {
+						if ((rdataset->type !=
+						     dns_rdatatype_cname) ||
+						    !found_dname ||
+						    (aflag ==
+						     DNS_RDATASETATTR_ANSWER))
+						{
 							have_answer = ISC_TRUE;
+							if (rdataset->type ==
+							    dns_rdatatype_cname)
+								cname = name;
 							name->attributes |=
-								DNS_NAMEATTR_ANSWER;
+							    DNS_NAMEATTR_ANSWER;
 						}
 						rdataset->attributes |= aflag;
 						if (aa)
@@ -6280,11 +6298,11 @@ answer_response(fetchctx_t *fctx) {
 					return (DNS_R_FORMERR);
 				}
 
-				if (namereln != dns_namereln_subdomain) {
+				if (dnamereln != dns_namereln_subdomain) {
 					char qbuf[DNS_NAME_FORMATSIZE];
 					char obuf[DNS_NAME_FORMATSIZE];
 
-					dns_name_format(qname, qbuf,
+					dns_name_format(dqname, qbuf,
 							sizeof(qbuf));
 					dns_name_format(name, obuf,
 							sizeof(obuf));
@@ -6299,7 +6317,7 @@ answer_response(fetchctx_t *fctx) {
 					want_chaining = ISC_TRUE;
 					POST(want_chaining);
 					aflag = DNS_RDATASETATTR_ANSWER;
-					result = dname_target(rdataset, qname,
+					result = dname_target(rdataset, dqname,
 							      nlabels, &fdname);
 					if (result == ISC_R_NOSPACE) {
 						/*
@@ -6316,10 +6334,13 @@ answer_response(fetchctx_t *fctx) {
 
 					dname = dns_fixedname_name(&fdname);
 					if (!is_answertarget_allowed(view,
-							qname, rdataset->type,
-							dname, &fctx->domain)) {
+						     dqname, rdataset->type,
+						     dname, &fctx->domain))
+					{
 						return (DNS_R_SERVFAIL);
 					}
+					dqname = dns_fixedname_name(&fqdname);
+					dns_name_copy(dname, dqname, NULL);
 				} else {
 					/*
 					 * We've found a signature that
@@ -6344,6 +6365,10 @@ answer_response(fetchctx_t *fctx) {
 					INSIST(!external);
 					if (aflag == DNS_RDATASETATTR_ANSWER) {
 						have_answer = ISC_TRUE;
+						found_dname = ISC_TRUE;
+						if (cname != NULL)
+							cname->attributes &=
+							   ~DNS_NAMEATTR_ANSWER;
 						name->attributes |=
 							DNS_NAMEATTR_ANSWER;
 					}

Modified: releng/9.3/crypto/openssl/ssl/d1_pkt.c
==============================================================================
--- releng/9.3/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/crypto/openssl/ssl/d1_pkt.c	Wed Nov  2 07:24:34 2016	(r308205)
@@ -820,6 +820,13 @@ int dtls1_read_bytes(SSL *s, int type, u
         goto start;
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1043,6 +1050,14 @@ int dtls1_read_bytes(SSL *s, int type, u
 
         if (alert_level == 1) { /* warning */
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
                 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                 return (0);

Modified: releng/9.3/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- releng/9.3/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/crypto/openssl/ssl/s3_pkt.c	Wed Nov  2 07:24:34 2016	(r308205)
@@ -922,6 +922,13 @@ int ssl3_read_bytes(SSL *s, int type, un
             return (ret);
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+        s->s3->alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1121,6 +1128,14 @@ int ssl3_read_bytes(SSL *s, int type, un
 
         if (alert_level == 1) { /* warning */
             s->s3->warn_alert = alert_descr;
+
+            s->s3->alert_count++;
+            if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
                 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                 return (0);

Modified: releng/9.3/crypto/openssl/ssl/ssl.h
==============================================================================
--- releng/9.3/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/crypto/openssl/ssl/ssl.h	Wed Nov  2 07:24:34 2016	(r308205)
@@ -2195,6 +2195,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
 # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             227
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235

Modified: releng/9.3/crypto/openssl/ssl/ssl3.h
==============================================================================
--- releng/9.3/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/crypto/openssl/ssl/ssl3.h	Wed Nov  2 07:24:34 2016	(r308205)
@@ -491,6 +491,8 @@ typedef struct ssl3_state_st {
     char is_probably_safari;
 #  endif                        /* !OPENSSL_NO_EC */
 # endif                         /* !OPENSSL_NO_TLSEXT */
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
 } SSL3_STATE;
 
 /* SSLv3 */

Modified: releng/9.3/crypto/openssl/ssl/ssl_locl.h
==============================================================================
--- releng/9.3/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/crypto/openssl/ssl/ssl_locl.h	Wed Nov  2 07:24:34 2016	(r308205)
@@ -247,6 +247,8 @@
 # define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
 # define MAX_MAC_SIZE    20     /* up from 16 for SSLv3 */
 
+# define MAX_WARN_ALERT_COUNT    5
+
 /*
  * Define the Bitmasks for SSL_CIPHER.algorithms.
  * This bits are used packed as dense as possible. If new methods/ciphers

Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh	Wed Nov  2 07:24:14 2016	(r308204)
+++ releng/9.3/sys/conf/newvers.sh	Wed Nov  2 07:24:34 2016	(r308205)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.3"
-BRANCH="RELEASE-p49"
+BRANCH="RELEASE-p50"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi