Red Hat Bugzilla – Attachment 901373 Details for Bug 1103586: CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
[patch] Upstream patch
openssl-CVE-2014-0224.patch (text/plain), 3.32 KB, created by Huzaifa S. Sidhpurwala on 2014-06-02 08:30:26 UTC
>commit a5852a6db4b36f91d6254b2d8757f125e6e8e5cb >Author: Dr. Stephen Henson <steve@openssl.org> >Date: Fri May 16 12:55:16 2014 +0100 > > Additional CVE-2014-0224 protection. > > Return a fatal error if an attempt is made to use a zero length > master secret. > >diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c >index 98c36e6..59011e3 100644 >--- a/ssl/s3_pkt.c >+++ b/ssl/s3_pkt.c >@@ -1459,7 +1459,7 @@ int ssl3_do_change_cipher_spec(SSL *s) > > if (s->s3->tmp.key_block == NULL) > { >- if (s->session == NULL) >+ if (s->session == NULL || s->session->master_key_length == 0) > { > /* might happen if dtls1_read_bytes() calls this */ > SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); > >commit eaa71076511eab5e84ed36ddecbfc6cc20a48952 >Author: Dr. Stephen Henson <steve@openssl.org> >Date: Fri May 16 12:49:48 2014 +0100 > > Fix for CVE-2014-0224 > > Only accept change cipher spec when it is expected instead of at any > time. This prevents premature setting of session keys before the master > secret is determined which an attacker could use as a MITM attack. > > Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue > and providing the initial fix this patch is based on. > >diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c >index a6b3c01..d35376d 100644 >--- a/ssl/s3_clnt.c >+++ b/ssl/s3_clnt.c >@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s) > case SSL3_ST_CR_FINISHED_A: > case SSL3_ST_CR_FINISHED_B: > >+ s->s3->flags |= SSL3_FLAGS_CCS_OK; > ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, > SSL3_ST_CR_FINISHED_B); > if (ret <= 0) goto end; >diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c >index 6bc8bf9..98c36e6 100644 >--- a/ssl/s3_pkt.c >+++ b/ssl/s3_pkt.c >@@ -1316,6 +1316,15 @@ start: > goto f_err; > } > >+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) >+ { >+ al=SSL_AD_UNEXPECTED_MESSAGE; >+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); >+ goto f_err; >+ } >+ >+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK; >+ > rr->length=0; > > if (s->msg_callback) 
>diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c >index 4de9d19..29f8b14 100644 >--- a/ssl/s3_srvr.c >+++ b/ssl/s3_srvr.c >@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s) > case SSL3_ST_SR_CERT_VRFY_A: > case SSL3_ST_SR_CERT_VRFY_B: > >+ s->s3->flags |= SSL3_FLAGS_CCS_OK; > /* we should decide if we expected this one */ > ret=ssl3_get_cert_verify(s); > if (ret <= 0) goto end; >@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s) > > case SSL3_ST_SR_FINISHED_A: > case SSL3_ST_SR_FINISHED_B: >+ s->s3->flags |= SSL3_FLAGS_CCS_OK; > ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, > SSL3_ST_SR_FINISHED_B); > if (ret <= 0) goto end; >@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s) > s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; > #else > if (s->s3->next_proto_neg_seen) >+ { >+ s->s3->flags |= SSL3_FLAGS_CCS_OK; > s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; >+ } > else > s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; > #endif >diff --git a/ssl/ssl3.h b/ssl/ssl3.h >index cb8b249..4ac4199 100644 >--- a/ssl/ssl3.h >+++ b/ssl/ssl3.h >@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st > #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 > #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 > #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 >+#define SSL3_FLAGS_CCS_OK 0x0040 > > /* SSL3_FLAGS_SGC_RESTART_DONE is set when we > * restart a handshake because of MS SGC and so prevents us >
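Review bot: In the ssl/s3_pkt.c hunk at @@ -1459 (ssl3_do_change_cipher_spec), the new `s->session->master_key_length == 0` test shares a branch with `s->session == NULL`, so the existing comment "might happen if dtls1_read_bytes() calls this" and the SSL_R_CCS_RECEIVED_EARLY reason now describe two different conditions. Extend the comment to say that a zero-length master secret is rejected here as a second check behind the SSL3_FLAGS_CCS_OK gate, so it is not later removed as redundant. The test also sits inside `if (s->s3->tmp.key_block == NULL)`, so it runs only when no key block has been set up yet; a one-line note on why that is sufficient would help.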
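Review bot: The SSL3_FLAGS_CCS_OK gate in the ssl/s3_pkt.c hunk at @@ -1316 is added only on the path that reports SSL_F_SSL3_READ_BYTES, while the comment in ssl3_do_change_cipher_spec says dtls1_read_bytes() can also reach that function and no hunk in this patch touches a DTLS file. Please confirm whether the DTLS read path needs the same gate or relies only on the master_key_length test. A short comment above `s->s3->flags &= ~SSL3_FLAGS_CCS_OK;` stating that the flag is consumed by a single ChangeCipherSpec would document the one-shot behaviour.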
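Review bot: In the ssl/s3_clnt.c hunk at @@ -559, `s->s3->flags |= SSL3_FLAGS_CCS_OK;` is set before ssl3_get_finished() and stays set when `if (ret <= 0) goto end;` is taken; the only place this patch clears it is the ChangeCipherSpec branch in ssl/s3_pkt.c. If leaving the flag set across a retry of SSL3_ST_CR_FINISHED_A/B is intended, add a comment saying so; otherwise clear it on the error path.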
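Review bot: The third ssl/s3_srvr.c hunk (@@ -770) sets SSL3_FLAGS_CCS_OK at the point where `s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;` is scheduled, whereas the SSL3_ST_SR_CERT_VRFY_A/B and SSL3_ST_SR_FINISHED_A/B hunks set it on entry to the state that reads the message. The difference is undocumented and sits inside the `#else` branch only. Add a comment explaining why the next-protocol case arms the flag earlier than the others, or move the assignment to the SSL3_ST_SR_NEXT_PROTO_A case so all sites follow one pattern. In the first hunk of this file the new line is also placed above the existing `/* we should decide if we expected this one */` comment, which refers to the certificate verify message rather than to the flag.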
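Review bot: In the ssl/ssl3.h hunk, `#define SSL3_FLAGS_CCS_OK 0x0040` is added without a comment and carries an SSL3_ prefix while continuing the value sequence of the TLS1_FLAGS_* definitions directly above it (0x0008, 0x0010, 0x0020). Add a comment describing what the flag means (a ChangeCipherSpec is acceptable as the next record and the flag is cleared once one is received), and note that it shares the bit space of `s->s3->flags` with the TLS1_FLAGS_* values so a later addition does not reuse 0x0040.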