Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Dec 2009 09:18:41 +0000 (UTC)
From:      Colin Percival <cperciva@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org
Subject:   svn commit: r200054 - head/crypto/openssl/ssl head/etc/mtree head/usr.sbin/freebsd-update releng/6.3 releng/6.3/crypto/openssl/ssl releng/6.3/etc/mtree releng/6.3/usr.sbin/freebsd-update releng/6.4...
Message-ID:  <200912030918.nB39Ifr3061875@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: cperciva
Date: Thu Dec  3 09:18:40 2009
New Revision: 200054
URL: http://svn.freebsd.org/changeset/base/200054

Log:
  Disable SSL renegotiation in order to protect against a serious
  protocol flaw. [09:15]
  
  Correctly handle failures from unsetenv resulting from a corrupt
  environment in rtld-elf. [09:16]
  
  Fix permissions in freebsd-update in order to prevent leakage of
  sensitive files. [09:17]
  
  Approved by:	so (cperciva)
  Security:	FreeBSD-SA-09:15.ssl
  Security:	FreeBSD-SA-09:16.rtld
  Security:	FreeBSD-SA-09:17.freebsd-udpate

Modified:
  stable/6/crypto/openssl/ssl/s3_lib.c
  stable/6/crypto/openssl/ssl/s3_pkt.c
  stable/6/crypto/openssl/ssl/s3_srvr.c
  stable/6/etc/mtree/BSD.var.dist
  stable/6/usr.sbin/freebsd-update/freebsd-update.sh

Changes in other areas also in this revision:
Modified:
  head/crypto/openssl/ssl/s3_lib.c
  head/crypto/openssl/ssl/s3_pkt.c
  head/crypto/openssl/ssl/s3_srvr.c
  head/etc/mtree/BSD.var.dist
  head/usr.sbin/freebsd-update/freebsd-update.sh
  releng/6.3/UPDATING
  releng/6.3/crypto/openssl/ssl/s3_lib.c
  releng/6.3/crypto/openssl/ssl/s3_pkt.c
  releng/6.3/crypto/openssl/ssl/s3_srvr.c
  releng/6.3/etc/mtree/BSD.var.dist
  releng/6.3/usr.sbin/freebsd-update/freebsd-update.sh
  releng/6.4/UPDATING
  releng/6.4/crypto/openssl/ssl/s3_lib.c
  releng/6.4/crypto/openssl/ssl/s3_pkt.c
  releng/6.4/crypto/openssl/ssl/s3_srvr.c
  releng/6.4/etc/mtree/BSD.var.dist
  releng/6.4/usr.sbin/freebsd-update/freebsd-update.sh
  releng/7.1/UPDATING
  releng/7.1/crypto/openssl/ssl/s3_lib.c
  releng/7.1/crypto/openssl/ssl/s3_pkt.c
  releng/7.1/crypto/openssl/ssl/s3_srvr.c
  releng/7.1/etc/mtree/BSD.var.dist
  releng/7.1/libexec/rtld-elf/rtld.c
  releng/7.1/usr.sbin/freebsd-update/freebsd-update.sh
  releng/7.2/UPDATING
  releng/7.2/crypto/openssl/ssl/s3_lib.c
  releng/7.2/crypto/openssl/ssl/s3_pkt.c
  releng/7.2/crypto/openssl/ssl/s3_srvr.c
  releng/7.2/etc/mtree/BSD.var.dist
  releng/7.2/libexec/rtld-elf/rtld.c
  releng/7.2/usr.sbin/freebsd-update/freebsd-update.sh
  releng/8.0/UPDATING
  releng/8.0/crypto/openssl/ssl/s3_lib.c
  releng/8.0/crypto/openssl/ssl/s3_pkt.c
  releng/8.0/crypto/openssl/ssl/s3_srvr.c
  releng/8.0/etc/mtree/BSD.var.dist
  releng/8.0/libexec/rtld-elf/rtld.c
  releng/8.0/usr.sbin/freebsd-update/freebsd-update.sh
  stable/7/crypto/openssl/ssl/s3_lib.c
  stable/7/crypto/openssl/ssl/s3_pkt.c
  stable/7/crypto/openssl/ssl/s3_srvr.c
  stable/7/etc/mtree/BSD.var.dist
  stable/7/usr.sbin/freebsd-update/freebsd-update.sh
  stable/8/crypto/openssl/ssl/s3_lib.c
  stable/8/crypto/openssl/ssl/s3_pkt.c
  stable/8/crypto/openssl/ssl/s3_srvr.c
  stable/8/etc/mtree/BSD.var.dist
  stable/8/usr.sbin/freebsd-update/freebsd-update.sh

Modified: stable/6/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- stable/6/crypto/openssl/ssl/s3_lib.c	Thu Dec  3 08:11:20 2009	(r200053)
+++ stable/6/crypto/openssl/ssl/s3_lib.c	Thu Dec  3 09:18:40 2009	(r200054)
@@ -1768,6 +1768,9 @@ int ssl3_renegotiate(SSL *s)
 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
 		return(0);
 
+	if (1)
+		return(0);
+
 	s->s3->renegotiate=1;
 	return(1);
 	}

Modified: stable/6/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- stable/6/crypto/openssl/ssl/s3_pkt.c	Thu Dec  3 08:11:20 2009	(r200053)
+++ stable/6/crypto/openssl/ssl/s3_pkt.c	Thu Dec  3 09:18:40 2009	(r200054)
@@ -975,9 +975,7 @@ start:
 		if (s->msg_callback)
 			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
 
-		if (SSL_is_init_finished(s) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-			!s->s3->renegotiate)
+		if (0)
 			{
 			ssl3_renegotiate(s);
 			if (ssl3_renegotiate_check(s))
@@ -1108,8 +1106,7 @@ start:
 	/* Unexpected handshake message (Client Hello, or protocol violation) */
 	if ((s->s3->handshake_fragment_len >= 4) &&	!s->in_handshake)
 		{
-		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+		if (0)
 			{
 #if 0 /* worked only because C operator preferences are not as expected (and
        * because this is not really needed for clients except for detecting

Modified: stable/6/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- stable/6/crypto/openssl/ssl/s3_srvr.c	Thu Dec  3 08:11:20 2009	(r200053)
+++ stable/6/crypto/openssl/ssl/s3_srvr.c	Thu Dec  3 09:18:40 2009	(r200054)
@@ -654,6 +654,13 @@ static int ssl3_get_client_hello(SSL *s)
 	SSL_COMP *comp=NULL;
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+	if (s->new_session)
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+		goto f_err;
+		}
+
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.

Modified: stable/6/etc/mtree/BSD.var.dist
==============================================================================
--- stable/6/etc/mtree/BSD.var.dist	Thu Dec  3 08:11:20 2009	(r200053)
+++ stable/6/etc/mtree/BSD.var.dist	Thu Dec  3 09:18:40 2009	(r200054)
@@ -32,7 +32,7 @@
     db
         entropy         uname=operator gname=operator mode=0700
         ..
-        freebsd-update
+        freebsd-update  mode=0700
         ..
         ipf             mode=0700
         ..

Modified: stable/6/usr.sbin/freebsd-update/freebsd-update.sh
==============================================================================
--- stable/6/usr.sbin/freebsd-update/freebsd-update.sh	Thu Dec  3 08:11:20 2009	(r200053)
+++ stable/6/usr.sbin/freebsd-update/freebsd-update.sh	Thu Dec  3 09:18:40 2009	(r200054)
@@ -533,6 +533,7 @@ fetch_check_params () {
 		echo ${WORKDIR}
 		exit 1
 	fi
+	chmod 700 ${WORKDIR}
 	cd ${WORKDIR} || exit 1
 
 	# Generate release number.  The s/SECURITY/RELEASE/ bit exists



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912030918.nB39Ifr3061875>