From 855d29184ea88140e3c810e854607cc00a3f1806 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 18 Jan 2012 18:15:27 +0000 Subject: [PATCH] Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) --- CHANGES | 16 ++++++++++++++++ apps/s_client.c | 2 +- ssl/d1_pkt.c | 17 +++++++---------- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index c1ecfc9b0b..bd16d8b559 100644 --- a/CHANGES +++ b/CHANGES @@ -522,6 +522,14 @@ Add command line options to s_client/s_server. [Steve Henson] + Changes between 1.0.0f and 1.0.0g [18 Jan 2012] + + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. + Thanks to Antonio Martin, Enterprise Secure Access Research and + Development, Cisco Systems, Inc. for discovering this bug and + preparing a fix. (CVE-2012-0050) + [Antonio Martin] + Changes between 1.0.0e and 1.0.0f [4 Jan 2012] *) Nadhem Alfardan and Kenny Paterson have discovered an extension @@ -1485,6 +1493,14 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] + + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. + Thanks to Antonio Martin, Enterprise Secure Access Research and + Development, Cisco Systems, Inc. for discovering this bug and + preparing a fix. (CVE-2012-0050) + [Antonio Martin] Changes between 0.9.8r and 0.9.8s [4 Jan 2012] diff --git a/apps/s_client.c b/apps/s_client.c index dbc0700ded..0477f75224 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2056,7 +2056,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif -#ifdef SSL_DEBUG +#if 1 { /* Print out local port of connection: useful for debugging */ int sock; diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index fdeaac8804..4dc091a20e 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -384,6 +384,7 @@ dtls1_process_record(SSL *s) unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); @@ -455,19 +456,15 @@ printf("\n"); #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { -#if 0 /* OK only for stream ciphers */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; -#else - decryption_failed_or_bad_record_mac = 1; -#endif + rr->length -= mac_size; + mac = &rr->data[rr->length]; } - rr->length-=mac_size; + else + rr->length = 0; i=s->method->ssl3_enc->mac(s,md,0); - if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) { decryption_failed_or_bad_record_mac = 1; } -- 2.40.0