Date: Mon, 18 May 2009 19:36:29 +0400 (MSD) From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/134653: [patch][vuxml] security/openssl: fix memory exhaustion in DTLS code Message-ID: <20090518153629.3E2CFDA81E@void.codelabs.ru> Resent-Message-ID: <200905181540.n4IFe1Hu047378@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 134653 >Category: ports >Synopsis: [patch][vuxml] security/openssl: fix memory exhaustion in DTLS code >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 18 15:40:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.2-STABLE amd64 >Organization: Code Labs >Environment: System: FreeBSD 7.2-STABLE amd64 >Description: Two DTLS problems that lead to memory leaks were fixed by OpenSSL developers; [1], [2]. >How-To-Repeat: [1] http://rt.openssl.org/Ticket/Display.html?id=1930 [2] http://rt.openssl.org/Ticket/Display.html?id=1931 [3] http://article.gmane.org/gmane.comp.security.oss.general/1769 >Fix: The following patch brings upstream patches to the FreeBSD port: --- fix-0.9.8k.diff begins here --- >From 5f601b8118ae27f33d04142b96c7084b0f93913b Mon Sep 17 00:00:00 2001 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Date: Mon, 18 May 2009 17:53:10 +0400 Patches were taken directly from the OpenSSL RT bugtracker: http://rt.openssl.org/Ticket/Display.html?id=1930 http://rt.openssl.org/Ticket/Display.html?id=1931 Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> --- security/openssl/Makefile | 1 + security/openssl/files/patch-CVE-2009-1377 | 46 ++++++++++++++++++++++++++++ security/openssl/files/patch-CVE-2009-1378 | 22 +++++++++++++ 3 files changed, 69 insertions(+), 0 deletions(-) create mode 100644 security/openssl/files/patch-CVE-2009-1377 create mode 100644 security/openssl/files/patch-CVE-2009-1378 diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 72c3f4c..65d889d 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -7,6 +7,7 @@ PORTNAME= openssl PORTVERSION= 0.9.8k +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ diff --git a/security/openssl/files/patch-CVE-2009-1377 b/security/openssl/files/patch-CVE-2009-1377 new file mode 100644 index 0000000..9d0e941 --- /dev/null +++ b/security/openssl/files/patch-CVE-2009-1377 @@ -0,0 +1,46 @@ +Obtained-from: http://rt.openssl.org/Ticket/Attachment/22260/10159/dtls-record-buffer-bug-1.0.0.patch + +--- crypto/pqueue/pqueue.c 2005-12-20 08:03:10.000000000 +0100 ++++ crypto/pqueue/pqueue.c 2009-05-15 16:07:33.000000000 +0200 +@@ -237,3 +237,17 @@ + + return ret; + } ++ ++int ++pqueue_size(pqueue_s *pq) ++{ ++ pitem *item = pq->items; ++ int count = 0; ++ ++ while(item != NULL) ++ { ++ count++; ++ item = item->next; ++ } ++ return count; ++} + +--- crypto/pqueue/pqueue.h 2005-06-08 00:21:14.000000000 +0200 ++++ crypto/pqueue/pqueue.h 2009-05-15 16:07:03.000000000 +0200 +@@ -89,5 +89,6 @@ + pitem *pqueue_next(piterator *iter); + + void pqueue_print(pqueue pq); ++int pqueue_size(pqueue pq); + + #endif /* ! HEADER_PQUEUE_H */ + +--- ssl/d1_pkt.c 2009-04-23 18:32:40.000000000 +0200 ++++ ssl/d1_pkt.c 2009-05-15 16:06:23.000000000 +0200 +@@ -207,6 +207,10 @@ + DTLS1_RECORD_DATA *rdata; + pitem *item; + ++ /* Limit the size of the queue to prevent DOS attacks */ ++ if (pqueue_size(queue->q) >= 100) ++ return 0; ++ + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); + item = pitem_new(priority, rdata); + if (rdata == NULL || item == NULL) diff --git a/security/openssl/files/patch-CVE-2009-1378 b/security/openssl/files/patch-CVE-2009-1378 new file mode 100644 index 0000000..9b00d55 --- /dev/null +++ b/security/openssl/files/patch-CVE-2009-1378 @@ -0,0 +1,22 @@ +Obtained-from: http://rt.openssl.org/Ticket/Attachment/22314/10203/dtls-fragment-memleak-bug.patch + +--- ssl/d1_both.c 2009-05-18 09:57:08.000000000 +0200 ++++ ssl/d1_both.c 2009-05-18 10:08:51.000000000 +0200 +@@ -561,7 +561,16 @@ + if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) + goto err; + +- if (msg_hdr->seq <= s->d1->handshake_read_seq) ++ /* Try to find item in queue, to prevent duplicate entries */ ++ pq_64bit_init(&seq64); ++ pq_64bit_assign_word(&seq64, msg_hdr->seq); ++ item = pqueue_find(s->d1->buffered_messages, seq64); ++ pq_64bit_free(&seq64); ++ ++ /* Discard the message if sequence number was already there, is ++ * too far in the future or the fragment is already in the queue */ ++ if (msg_hdr->seq <= s->d1->handshake_read_seq || ++ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) + { + unsigned char devnull [256]; + -- 1.6.3.1 --- fix-0.9.8k.diff ends here --- The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- <vuln vid="d84b3398-43b0-11de-9b62-0022156e8794"> <topic>openssl -- Denial of Service in DTLS implementation</topic> <affects> <package> <name>openssl</name> <range><ge>0.9.8</ge><lt>0.9.8k_1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>OpenSSL developers report on the DTLS unlimited record buffer growth:</p> <blockquote cite="http://rt.openssl.org/Ticket/Display.html?id=1930">; <p>Records are buffered if they arrive with a future epoch to be processed after finishing the corresponding handshake. There is currently no limitation to this buffer allowing an attacker to perform a DOS attack with sending records with future epochs until there is no memory left.</p> </blockquote> <p>OpenSSL developers report on the DTLS fragment handling memory leak:</p> <blockquote cite="http://rt.openssl.org/Ticket/Display.html?id=1931">; <p>In dtls1_process_out_of_seq_message() the check if the current message is already buffered was missing. For every new message was memory allocated, allowing an attacker to perform an denial of service attack with sending out of seq handshake messages until there is no memory left. Additionally every future message was buffered, even if the sequence number made no sense and would be part of another handshake.</p> </blockquote> </body> </description> <references> <cvename>CVE-2009-1377</cvename> <cvename>CVE-2009-1378</cvename> <url>http://rt.openssl.org/Ticket/Display.html?id=1930</url>; <url>http://rt.openssl.org/Ticket/Display.html?id=1931</url>; </references> <dates> <discovery>2009-05-18</discovery> <entry>TODAY</entry> </dates> </vuln> --- vuln.xml ends here --- The mentioned patches also apply fine to the OpenSSL in HEAD, though more testing is needed: DTLS client and server from the base system segfaults badly on most of my attempts. I am not sure if anyone uses DTLS now, but the bug should be fixed anyway. Please, note: if anyone will want to test openssl s_client/s_server with dtls1, he should manually set MTU value via '-mtu NNNN' -- OpenSSL's MTU discovery is badly broken on FreeBSD and produces 0xFFFFFFFF as the MTU value that will be transformed into (-1) and will cause harm :(( >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090518153629.3E2CFDA81E>