wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 04685bc949 A memory leak can occur in dtls1_buffer_record if either of the calls to 
ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
malloc failure, whilst the latter will fail if attempting to add a duplicate
record to the queue. This should never happen because duplicate records should
be detected and dropped before any attempt to add them to the queue.
Unfortunately records that arrive that are for the next epoch are not being
recorded correctly, and therefore replays are not being detected.
Additionally, these "should not happen" failures that can occur in
dtls1_buffer_record are not being treated as fatal and therefore an attacker
could exploit this by sending repeated replay records for the next epoch,
eventually causing a DoS through memory exhaustion.

Thanks to Chris Mueller for reporting this issue and providing initial
analysis and a patch. Further analysis and the final patch was performed by
Matt Caswell from the OpenSSL development team.

CVE-2015-0206

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2015-01-08 13:43:20 +00:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:15 +00:00
d1_both.c Remove extraneous white space, and add some braces 2014-12-16 00:08:04 +00:00
d1_clnt.c Checkout return value of dtls1_output_cert_chain 2014-12-15 21:27:19 +00:00
d1_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:53:02 +00:00
d1_lib.c Remove incorrect code inadvertently introduced through commit 59669b6ab. 2014-12-04 14:21:50 +00:00
d1_meth.c Let the TLSv1_method() etc. functions return a const SSL_METHOD 2005-08-14 21:48:33 +00:00
d1_pkt.c A memory leak can occur in dtls1_buffer_record if either of the calls to 2015-01-08 13:43:20 +00:00
d1_srtp.c Fix for SRTP Memory Leak 2014-10-15 08:51:49 -04:00
d1_srvr.c Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 13:14:05 +00:00
dtls1.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:35:23 +00:00
heartbeat_test.c Add conditional unit testing interface. 2014-07-24 19:43:25 +01:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:22 +00:00
kssl.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:27:42 +01:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:09 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Makefile RT3067: simplify patch 2014-09-24 15:52:41 +02:00
s2_clnt.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s2_enc.c Fixed warning in ssl2_enc 2014-11-27 21:53:44 +00:00
s2_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Check EVP_Cipher return values for SSL2 2014-11-27 21:53:27 +00:00
s2_srvr.c Fix memory leak in s2_srvr.c if BUF_MEM_grow fails 2014-12-13 00:05:52 +00:00
s3_both.c [PR3597] Advance to the next state variant when reusing messages. 2014-11-28 23:31:45 +01:00
s3_cbc.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:17:41 +02:00
s3_clnt.c fix error discrepancy 2015-01-07 18:10:51 +00:00
s3_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:53:02 +00:00
s3_lib.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:27:42 +01:00
s3_meth.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:57:51 +00:00
s3_pkt.c Fix crash in dtls1_get_record whilst in the listen state where you get two 2015-01-08 13:43:20 +00:00
s3_srvr.c Unauthenticated DH client certificate fix. 2015-01-08 13:43:20 +00:00
s23_clnt.c Fix no-ssl3 configuration option 2014-10-15 08:51:50 -04:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:52:05 +01:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Fixed memory leak if BUF_MEM_grow fails 2014-12-13 00:05:52 +00:00
srtp.h Add include of ssl.h which is required by srtp.h 2014-11-27 13:19:23 +00:00
ssl-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-10-15 10:49:24 +02:00
ssl.h Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 13:14:05 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset 2014-11-20 15:32:08 +01:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 2013-02-02 19:35:09 +01:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-08 00:00:08 +01:00
ssl_cert.c Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST 2014-11-27 20:53:58 +00:00
ssl_ciph.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:27:42 +01:00
ssl_err.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_lib.c Only inherit the session ID context in SSL_set_SSL_CTX if the existing 2015-01-06 23:10:09 +01:00
ssl_locl.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:35:23 +00:00
ssl_rsa.c Reduce version skew. 2012-06-08 09:18:47 +00:00
ssl_sess.c Tighten session ticket handling 2014-10-28 17:41:49 +01:00
ssl_stat.c Don't disable state strings with no-ssl2 2014-06-28 00:56:42 +01:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
ssl_utst.c Add conditional unit testing interface. 2014-07-24 19:43:25 +01:00
ssltest.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:57:51 +00:00
t1_clnt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_enc.c Clear warnings/errors within TLS_DEBUG code sections 2014-12-17 14:27:42 +01:00
t1_lib.c Clear existing extension state. 2015-01-02 22:30:20 +00:00
t1_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
tls1.h Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
tls_srp.c Check SRP parameters early. 2014-08-06 20:27:51 +01:00