From owner-svn-src-all@freebsd.org Wed Nov 2 07:24:17 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C710BC2A079; Wed, 2 Nov 2016 07:24:17 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8E8021F3C; Wed, 2 Nov 2016 07:24:17 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uA27OGQl078407; Wed, 2 Nov 2016 07:24:16 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uA27OF22078392; Wed, 2 Nov 2016 07:24:15 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201611020724.uA27OF22078392@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 2 Nov 2016 07:24:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r308204 - in releng: 10.1 10.1/crypto/openssl/ssl 10.1/sys/conf 10.2 10.2/crypto/openssl/ssl 10.2/sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Nov 2016 07:24:18 -0000 Author: delphij Date: Wed Nov 2 07:24:14 2016 New Revision: 308204 URL: https://svnweb.freebsd.org/changeset/base/308204 Log: Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:35.openssl Approved by: so Modified: releng/10.1/UPDATING releng/10.1/crypto/openssl/ssl/d1_pkt.c releng/10.1/crypto/openssl/ssl/s3_pkt.c releng/10.1/crypto/openssl/ssl/ssl.h releng/10.1/crypto/openssl/ssl/ssl3.h releng/10.1/crypto/openssl/ssl/ssl_locl.h releng/10.1/sys/conf/newvers.sh releng/10.2/UPDATING releng/10.2/crypto/openssl/ssl/d1_pkt.c releng/10.2/crypto/openssl/ssl/s3_pkt.c releng/10.2/crypto/openssl/ssl/ssl.h releng/10.2/crypto/openssl/ssl/ssl3.h releng/10.2/crypto/openssl/ssl/ssl_locl.h releng/10.2/sys/conf/newvers.sh Modified: releng/10.1/UPDATING ============================================================================== --- releng/10.1/UPDATING Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/UPDATING Wed Nov 2 07:24:14 2016 (r308204) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20161102 p42 FreeBSD-SA-16:35.openssl + + Fix OpenSSL remote DoS vulnerability. [SA-16:35] + 20161025 p41 FreeBSD-SA-16:15.sysarch [revised] Fix incorrect argument validation in sysarch(2). [SA-16:15] Modified: releng/10.1/crypto/openssl/ssl/d1_pkt.c ============================================================================== --- releng/10.1/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:24:14 2016 (r308204) @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u goto start; } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + + s->s3->alert_count++; + if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP /* Modified: releng/10.1/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/10.1/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:24:14 2016 (r308204) @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un return (ret); } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + + s->s3->alert_count++; + if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); Modified: releng/10.1/crypto/openssl/ssl/ssl.h ============================================================================== --- releng/10.1/crypto/openssl/ssl/ssl.h Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/ssl.h Wed Nov 2 07:24:14 2016 (r308204) @@ -2713,6 +2713,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_HEARTBEAT_PENDING 366 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 Modified: releng/10.1/crypto/openssl/ssl/ssl3.h ============================================================================== --- releng/10.1/crypto/openssl/ssl/ssl3.h Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/ssl3.h Wed Nov 2 07:24:14 2016 (r308204) @@ -585,6 +585,8 @@ typedef struct ssl3_state_st { char is_probably_safari; # endif /* !OPENSSL_NO_EC */ # endif /* !OPENSSL_NO_TLSEXT */ + /* Count of the number of consecutive warning alerts received */ + unsigned int alert_count; } SSL3_STATE; # endif Modified: releng/10.1/crypto/openssl/ssl/ssl_locl.h ============================================================================== --- releng/10.1/crypto/openssl/ssl/ssl_locl.h Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/crypto/openssl/ssl/ssl_locl.h Wed Nov 2 07:24:14 2016 (r308204) @@ -389,6 +389,8 @@ */ # define SSL_MAX_DIGEST 6 +# define MAX_WARN_ALERT_COUNT 5 + # define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) # define TLS1_PRF_DGST_SHIFT 10 Modified: releng/10.1/sys/conf/newvers.sh ============================================================================== --- releng/10.1/sys/conf/newvers.sh Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.1/sys/conf/newvers.sh Wed Nov 2 07:24:14 2016 (r308204) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.1" -BRANCH="RELEASE-p41" +BRANCH="RELEASE-p42" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.2/UPDATING ============================================================================== --- releng/10.2/UPDATING Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.2/UPDATING Wed Nov 2 07:24:14 2016 (r308204) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20161102 p25 FreeBSD-SA-16:35.openssl + + Fix OpenSSL remote DoS vulnerability. [SA-16:35] + 20161025 p24 FreeBSD-SA-16:15.sysarch [revised] Fix incorrect argument validation in sysarch(2). [SA-16:15] Modified: releng/10.2/crypto/openssl/ssl/d1_pkt.c ============================================================================== --- releng/10.2/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.2/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:24:14 2016 (r308204) @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u goto start; } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + + s->s3->alert_count++; + if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP /* Modified: releng/10.2/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/10.2/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.2/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:24:14 2016 (r308204) @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un return (ret); } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->s3->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + + s->s3->alert_count++; + if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); Modified: releng/10.2/crypto/openssl/ssl/ssl.h ============================================================================== --- releng/10.2/crypto/openssl/ssl/ssl.h Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.2/crypto/openssl/ssl/ssl.h Wed Nov 2 07:24:14 2016 (r308204) @@ -2713,6 +2713,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_HEARTBEAT_PENDING 366 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 Modified: releng/10.2/crypto/openssl/ssl/ssl3.h ============================================================================== --- releng/10.2/crypto/openssl/ssl/ssl3.h Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.2/crypto/openssl/ssl/ssl3.h Wed Nov 2 07:24:14 2016 (r308204) @@ -585,6 +585,8 @@ typedef struct ssl3_state_st { char is_probably_safari; # endif /* !OPENSSL_NO_EC */ # endif /* !OPENSSL_NO_TLSEXT */ + /* Count of the number of consecutive warning alerts received */ + unsigned int alert_count; } SSL3_STATE; # endif Modified: releng/10.2/crypto/openssl/ssl/ssl_locl.h ============================================================================== --- releng/10.2/crypto/openssl/ssl/ssl_locl.h Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.2/crypto/openssl/ssl/ssl_locl.h Wed Nov 2 07:24:14 2016 (r308204) @@ -389,6 +389,8 @@ */ # define SSL_MAX_DIGEST 6 +# define MAX_WARN_ALERT_COUNT 5 + # define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) # define TLS1_PRF_DGST_SHIFT 10 Modified: releng/10.2/sys/conf/newvers.sh ============================================================================== --- releng/10.2/sys/conf/newvers.sh Wed Nov 2 07:23:36 2016 (r308203) +++ releng/10.2/sys/conf/newvers.sh Wed Nov 2 07:24:14 2016 (r308204) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.2" -BRANCH="RELEASE-p24" +BRANCH="RELEASE-p25" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi