wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 7c6a3cf237 A memory leak can occur in dtls1_buffer_record if either of the calls to 
ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
malloc failure, whilst the latter will fail if attempting to add a duplicate
record to the queue. This should never happen because duplicate records should
be detected and dropped before any attempt to add them to the queue.
Unfortunately records that arrive that are for the next epoch are not being
recorded correctly, and therefore replays are not being detected.
Additionally, these "should not happen" failures that can occur in
dtls1_buffer_record are not being treated as fatal and therefore an attacker
could exploit this by sending repeated replay records for the next epoch,
eventually causing a DoS through memory exhaustion.

Thanks to Chris Mueller for reporting this issue and providing initial
analysis and a patch. Further analysis and the final patch was performed by
Matt Caswell from the OpenSSL development team.

CVE-2015-0206

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862)
2015-01-08 15:46:42 +00:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:02 +00:00
d1_both.c Remove extraneous white space, and add some braces 2014-12-16 00:13:36 +00:00
d1_clnt.c Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset 2014-11-20 15:17:36 +01:00
d1_lib.c Remove incorrect code inadvertently introduced through commit 59669b6ab. 2014-12-04 14:18:45 +00:00
d1_meth.c Dual DTLS version methods. 2013-09-18 13:46:02 +01:00
d1_pkt.c A memory leak can occur in dtls1_buffer_record if either of the calls to 2015-01-08 15:46:42 +00:00
d1_srtp.c Additional fix required for no-srtp to work 2015-01-05 14:28:40 +00:00
d1_srvr.c Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 12:45:10 +00:00
dtls1.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:31:35 +00:00
heartbeat_test.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:26 +00:00
kssl.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:17:54 +01:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:10 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Makefile Delete unused file 2014-11-27 21:46:00 +00:00
s2_clnt.c RT2842: Remove spurious close-comment marker. 2014-09-08 10:50:33 -04:00
s2_enc.c Fix warning in ssl2_enc 2014-11-27 21:46:04 +00:00
s2_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Check EVP_Cipher return values for SSL2 2014-11-27 21:46:04 +00:00
s2_srvr.c Fix memory leak in s2_srvr.c if BUF_MEM_grow fails 2014-12-13 00:04:32 +00:00
s3_both.c Remove MS SGC 2015-01-02 23:01:38 +00:00
s3_cbc.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 12:47:19 +02:00
s3_clnt.c fix error discrepancy 2015-01-07 18:10:38 +00:00
s3_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:44:03 +00:00
s3_lib.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:17:54 +01:00
s3_meth.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:54:30 +00:00
s3_pkt.c Fix crash in dtls1_get_record whilst in the listen state where you get two 2015-01-08 11:20:29 +00:00
s3_srvr.c Unauthenticated DH client certificate fix. 2015-01-08 15:46:42 +00:00
s23_clnt.c Fix no-ssl3 configuration option 2014-10-15 08:54:26 -04:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:52:00 +01:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Fixed memory leak if BUF_MEM_grow fails 2014-12-13 00:03:58 +00:00
srtp.h Add include of ssl.h which is required by srtp.h 2014-11-27 13:17:56 +00:00
ssl-lib.com VMS fixups for 1.0.2 2015-01-07 02:15:35 +01:00
ssl.h Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 12:45:10 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h Update SGC flag comment. 2015-01-02 23:12:37 +00:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-07 23:57:00 +01:00
ssl_cert.c Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST 2014-11-27 20:51:59 +00:00
ssl_ciph.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:17:54 +01:00
ssl_conf.c Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 15:51:25 +00:00
ssl_err.c Add more meaningful OPENSSL_NO_ECDH error message for suite b mode 2014-12-16 14:17:32 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_lib.c Only inherit the session ID context in SSL_set_SSL_CTX if the existing 2015-01-06 23:10:03 +01:00
ssl_locl.h Remove MS SGC 2015-01-02 23:01:38 +00:00
ssl_rsa.c Rename some callbacks, fix alignment. 2014-08-28 18:10:21 +01:00
ssl_sess.c Tighten session ticket handling 2014-10-28 17:38:23 +01:00
ssl_stat.c Remove all RFC5878 code. 2014-07-04 13:42:05 +01:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Provisional DTLS 1.2 support. 2013-09-18 13:46:02 +01:00
ssl_utst.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
ssltest.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:54:30 +00:00
t1_clnt.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_enc.c Clear warnings/errors within TLS_DEBUG code sections 2014-12-17 14:17:54 +01:00
t1_ext.c Rename some callbacks, fix alignment. 2014-08-28 18:10:21 +01:00
t1_lib.c Fix building with no-srtp 2015-01-05 14:28:40 +00:00
t1_meth.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_trce.c Adding padding extension to trace code. 2014-05-20 11:22:15 +01:00
tls1.h Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH 2014-11-10 10:58:49 +01:00
tls_srp.c Check SRP parameters early. 2014-08-06 20:41:53 +01:00