openssl/ssl
Matt Caswell b095884a58 A memory leak can occur in dtls1_buffer_record if either of the calls to
ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
malloc failure, whilst the latter will fail if attempting to add a duplicate
record to the queue. This should never happen because duplicate records should
be detected and dropped before any attempt to add them to the queue.
Unfortunately records that arrive that are for the next epoch are not being
recorded correctly, and therefore replays are not being detected.
Additionally, these "should not happen" failures that can occur in
dtls1_buffer_record are not being treated as fatal and therefore an attacker
could exploit this by sending repeated replay records for the next epoch,
eventually causing a DoS through memory exhaustion.

Thanks to Chris Mueller for reporting this issue and providing initial
analysis and a patch. Further analysis and the final patch was performed by
Matt Caswell from the OpenSSL development team.

CVE-2015-0206

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862)
2015-01-08 14:14:56 +00:00
..
.cvsignore
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:28 +00:00
d1_both.c Remove extraneous white space, and add some braces 2014-12-16 00:11:02 +00:00
d1_clnt.c Checkout return value of dtls1_output_cert_chain 2014-12-15 21:29:49 +00:00
d1_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:58:31 +00:00
d1_lib.c Remove incorrect code inadvertently introduced through commit 59669b6ab. 2014-12-04 14:25:09 +00:00
d1_meth.c
d1_pkt.c A memory leak can occur in dtls1_buffer_record if either of the calls to 2015-01-08 14:14:56 +00:00
d1_srvr.c Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 13:18:46 +00:00
dtls1.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:43:47 +00:00
install-ssl.com Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:44:53 +00:00
kssl.c Submitted by: Tomas Hoger <thoger@redhat.com> 2010-03-03 15:41:00 +00:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:31 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Makefile RT3067: simplify patch 2014-09-24 15:58:20 +02:00
s2_clnt.c Add and use a constant-time memcmp. 2013-02-05 16:46:15 +00:00
s2_enc.c Fixed warning in ssl2_enc 2014-11-27 21:58:32 +00:00
s2_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:57 +02:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Check EVP_Cipher return values for SSL2 2014-11-27 21:58:32 +00:00
s2_srvr.c Fix memory leak in s2_srvr.c if BUF_MEM_grow fails 2014-12-13 00:06:10 +00:00
s3_both.c [PR3597] Advance to the next state variant when reusing messages. 2014-11-28 23:31:53 +01:00
s3_cbc.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:35:03 +02:00
s3_clnt.c fix error discrepancy 2015-01-07 18:11:07 +00:00
s3_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:58:31 +00:00
s3_lib.c Add OPENSSL_NO_ECDH guards 2014-12-16 10:22:20 +00:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c Fix crash in dtls1_get_record whilst in the listen state where you get two 2015-01-08 11:25:45 +00:00
s3_srvr.c Unauthenticated DH client certificate fix. 2015-01-08 14:14:56 +00:00
s23_clnt.c Fix no-ssl3 configuration option 2014-10-15 08:49:50 -04:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:52:10 +01:00
s23_meth.c recent changes from 0.9.8: fix cipher list order in s3_lib.c, 2006-01-15 17:35:28 +00:00
s23_pkt.c
s23_srvr.c Fixed memory leak if BUF_MEM_grow fails 2014-12-13 00:06:10 +00:00
ssl-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-10-15 11:32:17 +02:00
ssl.h Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 13:18:46 +00:00
ssl2.h
ssl3.h Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:57 +02:00
ssl23.h
ssl_algs.c Fixups from previous commit. 2013-02-05 16:46:17 +00:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-08 00:04:16 +01:00
ssl_cert.c Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST 2014-11-27 20:55:52 +00:00
ssl_ciph.c Use more common name for GOST key exchange. 2014-07-14 18:31:54 +01:00
ssl_err.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:57 +02:00
ssl_err2.c
ssl_lib.c Fix memory leak in SSL_new if errors occur. 2014-12-08 16:51:01 +00:00
ssl_locl.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:43:47 +00:00
ssl_rsa.c PR: 1411 2009-09-12 23:09:26 +00:00
ssl_sess.c PR: 2160 2010-02-01 16:49:42 +00:00
ssl_stat.c Don't disable state strings with no-ssl2 2014-06-28 00:56:59 +01:00
ssl_task.c
ssl_txt.c Update from 0.9.8-stable. 2009-06-30 22:26:28 +00:00
ssltest.c Fix in ssltest is no-ssl2 configured 2013-02-11 18:27:06 +00:00
t1_clnt.c
t1_enc.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:57 +02:00
t1_lib.c Fix for session tickets memory leak. 2014-10-15 08:49:50 -04:00
t1_meth.c
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c
tls1.h Oops -- fix typo in coment added with TLS_FALLBACK_SCSV support. 2014-10-15 04:25:41 +02:00