wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 98ece4eebf Fix race condition in NewSessionTicket 
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

CVE-2015-1791

This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.

Parts of this patch were inspired by this Akamai change:
c0bf69a791

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-02 09:30:12 +01:00
..
record Remove struct ccs_header_st 2015-05-29 16:24:42 +01:00
bio_ssl.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
d1_both.c Check the message type requested is the type received in DTLS 2015-06-01 00:30:15 +01:00
d1_clnt.c Remove support for OPENSSL_NO_TLSEXT 2015-05-22 23:10:51 +01:00
d1_lib.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
d1_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
d1_msg.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
d1_srtp.c Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
d1_srvr.c Remove support for OPENSSL_NO_TLSEXT 2015-05-22 23:10:51 +01:00
install-ssl.com Updates following review comments 2015-05-16 09:20:52 +01:00
Makefile Fix the update target and remove duplicate file updates 2015-05-22 18:44:33 +02:00
s3_both.c Updates following review comments 2015-05-16 09:20:52 +01:00
s3_cbc.c Identify and move OpenSSL internal header files 2015-05-14 15:13:49 +02:00
s3_clnt.c Fix race condition in NewSessionTicket 2015-06-02 09:30:12 +01:00
s3_enc.c clear/cleanse cleanup 2015-05-30 12:28:05 -04:00
s3_lib.c Remove export static DH ciphersuites 2015-05-22 23:58:52 +01:00
s3_msg.c Introduce the functions RECORD_LAYER_release, RECORD_LAYER_read_pending, and 2015-03-26 15:01:59 +00:00
s3_srvr.c clear/cleanse cleanup 2015-05-30 12:28:05 -04:00
ssl-lib.com Move SSLv3_*method() functions 2015-05-16 09:20:58 +01:00
ssl_algs.c Fix missing return value checks 2015-03-23 15:23:11 +00:00
ssl_asn1.c Remove support for OPENSSL_NO_TLSEXT 2015-05-22 23:10:51 +01:00
ssl_cert.c Add CHANGES entry for OPENSSL_NO_TLSEXT removal 2015-05-22 23:11:22 +01:00
ssl_ciph.c Remove Kerberos support from libssl 2015-05-13 15:07:57 +01:00
ssl_conf.c Remove support for OPENSSL_NO_TLSEXT 2015-05-22 23:10:51 +01:00
ssl_err.c Fix race condition in NewSessionTicket 2015-06-02 09:30:12 +01:00
ssl_err2.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ssl_lib.c Change return type of the new accessors 2015-05-28 16:55:15 +01:00
ssl_locl.h Fix race condition in NewSessionTicket 2015-06-02 09:30:12 +01:00
ssl_rsa.c Remove support for OPENSSL_NO_TLSEXT 2015-05-22 23:10:51 +01:00
ssl_sess.c Fix race condition in NewSessionTicket 2015-06-02 09:30:12 +01:00
ssl_stat.c Version negotiation rewrite cleanup 2015-05-16 09:20:38 +01:00
ssl_txt.c Remove support for OPENSSL_NO_TLSEXT 2015-05-22 23:10:51 +01:00
ssl_utst.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
t1_clnt.c Move SSLv3_*method() functions 2015-05-16 09:20:58 +01:00
t1_enc.c Silence Clang warning about unit'd variable 2015-05-31 17:58:36 -04:00
t1_ext.c Remove support for OPENSSL_NO_TLSEXT 2015-05-22 23:10:51 +01:00
t1_lib.c Don't check for a negative SRP extension size 2015-05-26 10:35:29 +01:00
t1_meth.c Move SSLv3_*method() functions 2015-05-16 09:20:58 +01:00
t1_reneg.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
t1_srvr.c Move SSLv3_*method() functions 2015-05-16 09:20:58 +01:00
t1_trce.c Remove Kerberos support from libssl 2015-05-13 15:07:57 +01:00
tls_srp.c Use #error in openssl/srp.h 2015-05-15 08:16:21 -04:00