Apply by doing: cd /usr/src patch -p0 < 013_ssl.patch And then rebuild and install libssl and libcrypto: rm -fr /usr/obj/lib/libssl cd lib/libssl make obj cleandir make -f Makefile.bsd-wrapper prereq make -f Makefile.bsd-wrapper includes make -f Makefile.bsd-wrapper make -f Makefile.bsd-wrapper install This is the second revision of this patch. Index: lib/libssl/src/CHANGES =================================================================== RCS file: /cvs/src/lib/libssl/src/CHANGES,v retrieving revision 1.5 diff -u -r1.5 CHANGES --- lib/libssl/src/CHANGES 2001/08/01 19:51:16 1.5 +++ lib/libssl/src/CHANGES 2002/07/30 08:48:55 @@ -2,6 +2,35 @@ OpenSSL CHANGES _______________ + Changes in security patch + +Changes marked "(CHATS)" were sponsored by the Defense Advanced +Research Projects Agency (DARPA) and Air Force Research Laboratory, +Air Force Materiel Command, USAF, under agreement number +F30602-01-2-0537. + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. + [Steve Henson, Adi Stav , James Yonan ] + + *) Assertions for various potential buffer overflows, not known to + happen in practice. + [Ben Laurie (CHATS)] + + *) Various temporary buffers to hold ASCII versions of integers were + too small for 64 bit platforms. (CAN-2002-0655) + [Matthew Byng-Maddick and Ben Laurie (CHATS)> + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized session ID to a client. (CAN-2002-0656) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL2 protocol - an attacker could + supply an oversized client master key. (CAN-2002-0656) + [Ben Laurie (CHATS)] + Changes between 0.9.6a and 0.9.6b [9 Jul 2001] *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) Index: lib/libssl/src/crypto/cryptlib.h =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/cryptlib.h,v retrieving revision 1.3 diff -u -r1.3 cryptlib.h --- lib/libssl/src/crypto/cryptlib.h 2000/12/15 02:57:02 1.3 +++ lib/libssl/src/crypto/cryptlib.h 2002/07/30 08:48:55 @@ -89,6 +89,10 @@ #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" +/* size of string represenations */ +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +#define HEX_SIZE(type) ((sizeof(type)*2) + #ifdef __cplusplus } #endif Index: lib/libssl/src/crypto/asn1/asn1_lib.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/asn1/asn1_lib.c,v retrieving revision 1.5 retrieving revision 1.5.4.2 diff -u -r1.5 -r1.5.4.2 --- lib/libssl/src/crypto/asn1/asn1_lib.c 22 Jun 2001 00:02:55 -0000 1.5 +++ lib/libssl/src/crypto/asn1/asn1_lib.c 5 Aug 2002 19:23:24 -0000 1.5.4.2 @@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include @@ -124,15 +125,13 @@ (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) > (omax+ *pp)) + if (*plength > (omax - (p - *pp))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -143,7 +142,7 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) { unsigned char *p= *pp; - long ret=0; + unsigned long ret=0; int i; if (max-- < 1) return(0); @@ -159,6 +158,8 @@ i= *p&0x7f; if (*(p++) & 0x80) { + if (i > sizeof(long)) + return 0; if (max-- == 0) return(0); while (i-- > 0) { @@ -170,8 +171,10 @@ else ret=i; } + if (ret > LONG_MAX) + return 0; *pp=p; - *rl=ret; + *rl=(long)ret; return(1); } @@ -407,7 +410,7 @@ void asn1_add_error(unsigned char *address, int offset) { - char buf1[16],buf2[16]; + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; sprintf(buf1,"%lu",(unsigned long)address); sprintf(buf2,"%d",offset); Index: lib/libssl/src/crypto/conf/conf_def.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/conf/conf_def.c,v retrieving revision 1.1 diff -u -r1.1 conf_def.c --- lib/libssl/src/crypto/conf/conf_def.c 2000/12/15 02:57:27 1.1 +++ lib/libssl/src/crypto/conf/conf_def.c 2002/07/30 08:48:55 @@ -67,6 +67,7 @@ #include "conf_def.h" #include #include +#include "cryptlib.h" static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); @@ -180,12 +181,12 @@ static int def_load(CONF *conf, BIO *in, long *line) { #define BUFSIZE 512 - char btmp[16]; int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; int again,n; long eline=0; + char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; Index: lib/libssl/src/crypto/objects/obj_dat.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/objects/obj_dat.c,v retrieving revision 1.4 diff -u -r1.4 obj_dat.c --- lib/libssl/src/crypto/objects/obj_dat.c 2000/12/15 02:57:53 1.4 +++ lib/libssl/src/crypto/objects/obj_dat.c 2002/07/30 08:48:56 @@ -428,7 +428,7 @@ unsigned long l; unsigned char *p; const char *s; - char tbuf[32]; + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; if (buf_len <= 0) return(0); Index: lib/libssl/src/ssl/s2_clnt.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/s2_clnt.c,v retrieving revision 1.5 diff -u -r1.5 s2_clnt.c --- lib/libssl/src/ssl/s2_clnt.c 2001/06/22 00:03:39 1.5 +++ lib/libssl/src/ssl/s2_clnt.c 2002/07/30 08:48:56 @@ -63,6 +63,7 @@ #include #include #include +#include "ssl_locl.h" static SSL_METHOD *ssl2_get_client_method(int ver); static int get_server_finished(SSL *s); @@ -458,6 +459,7 @@ } s->s2->conn_id_length=s->s2->tmp.conn_id_length; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } @@ -559,6 +561,7 @@ /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; + die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ @@ -566,6 +569,7 @@ sess->master_key_length=i; if (i > 0) { + die(i <= sizeof sess->master_key); if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -609,6 +613,7 @@ d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ + die(karg <= sizeof sess->key_arg); memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; @@ -629,6 +634,7 @@ { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; @@ -878,6 +884,8 @@ { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { + die(s->session->session_id_length + <= sizeof s->session->session_id); if (memcmp(buf,s->session->session_id, (unsigned int)s->session->session_id_length) != 0) { Index: lib/libssl/src/ssl/s2_lib.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/s2_lib.c,v retrieving revision 1.5 diff -u -r1.5 s2_lib.c --- lib/libssl/src/ssl/s2_lib.c 2001/06/22 00:03:39 1.5 +++ lib/libssl/src/ssl/s2_lib.c 2002/07/30 08:48:56 @@ -62,6 +62,7 @@ #include #include #include +#include "ssl_locl.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -425,10 +426,14 @@ #endif km=s->s2->key_material; + die(s->s2->key_material_length <= sizeof s->s2->key_material); for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { MD5_Init(&ctx); + die(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); MD5_Update(&ctx,&c,1); c++; @@ -463,6 +468,7 @@ /* state=s->rwstate;*/ error=s->error; s->error=0; + die(error >= 0 && error <= 3); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ Index: lib/libssl/src/ssl/s2_srvr.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/s2_srvr.c,v retrieving revision 1.5 diff -u -r1.5 s2_srvr.c --- lib/libssl/src/ssl/s2_srvr.c 2001/08/01 19:51:17 1.5 +++ lib/libssl/src/ssl/s2_srvr.c 2002/07/30 08:48:57 @@ -63,6 +63,7 @@ #include #include #include +#include "ssl_locl.h" static SSL_METHOD *ssl2_get_server_method(int ver); static int get_client_master_key(SSL *s); @@ -361,12 +362,19 @@ n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; n2s(p,i); s->session->key_arg_length=i; + if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + { + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, + SSL_R_KEY_ARG_TOO_LONG); + return -1; + } s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; s->init_num=0; } /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; + die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); keya=s->session->key_arg_length; n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num; i=ssl2_read(s,(char *)&(p[s->init_num]),n); @@ -440,6 +448,7 @@ #endif if (is_export) i+=s->s2->tmp.clear; + die(i <= SSL_MAX_MASTER_KEY_LENGTH); s->session->master_key_length=i; memcpy(s->session->master_key,p,(unsigned int)i); return(1); @@ -580,6 +589,7 @@ p+=s->s2->tmp.session_id_length; /* challenge */ + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); return(1); mem_err: @@ -730,6 +740,7 @@ } /* SSL2_ST_GET_CLIENT_FINISHED_B */ + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num); if (i < (int)s->s2->conn_id_length-s->init_num) { @@ -752,6 +763,7 @@ { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_VERIFY; + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); /* p+=s->s2->challenge_length; */ @@ -771,6 +783,8 @@ p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_FINISHED; + die(s->session->session_id_length + <= sizeof s->session->session_id); memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); /* p+=s->session->session_id_length; */ Index: lib/libssl/src/ssl/s3_clnt.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/s3_clnt.c,v retrieving revision 1.6 diff -u -r1.6 s3_clnt.c --- lib/libssl/src/ssl/s3_clnt.c 2001/06/22 00:03:40 1.6 +++ lib/libssl/src/ssl/s3_clnt.c 2002/07/30 08:48:57 @@ -64,6 +64,7 @@ #include #include #include "ssl_locl.h" +#include "ssl_locl.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); @@ -492,6 +493,7 @@ *(p++)=i; if (i != 0) { + die(i <= sizeof s->session->session_id); memcpy(p,s->session->session_id,i); p+=i; } @@ -572,6 +574,14 @@ /* get the session-id */ j= *(p++); + + if(j > sizeof s->session->session_id) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto f_err; + } if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) { Index: lib/libssl/src/ssl/s3_srvr.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/s3_srvr.c,v retrieving revision 1.7 diff -u -r1.7 s3_srvr.c --- lib/libssl/src/ssl/s3_srvr.c 2001/08/01 19:51:17 1.7 +++ lib/libssl/src/ssl/s3_srvr.c 2002/07/30 08:48:58 @@ -69,6 +69,7 @@ #include #include #include "ssl_locl.h" +#include "ssl_locl.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); @@ -863,6 +864,7 @@ s->session->session_id_length=0; sl=s->session->session_id_length; + die(sl <= sizeof s->session->session_id); *(p++)=sl; memcpy(p,s->session->session_id,sl); p+=sl; Index: lib/libssl/src/ssl/ssl.h =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/ssl.h,v retrieving revision 1.6 diff -u -r1.6 ssl.h --- lib/libssl/src/ssl/ssl.h 2001/06/22 00:03:40 1.6 +++ lib/libssl/src/ssl/ssl.h 2002/07/30 08:48:59 @@ -1418,6 +1418,7 @@ #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 +#define SSL_R_KEY_ARG_TOO_LONG 1112 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 @@ -1485,6 +1486,7 @@ #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 Index: lib/libssl/src/ssl/ssl_asn1.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/ssl_asn1.c,v retrieving revision 1.4 diff -u -r1.4 ssl_asn1.c --- lib/libssl/src/ssl/ssl_asn1.c 2000/12/15 02:58:40 1.4 +++ lib/libssl/src/ssl/ssl_asn1.c 2002/07/30 08:48:59 @@ -275,6 +275,7 @@ os.length=i; ret->session_id_length=os.length; + die(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); Index: lib/libssl/src/ssl/ssl_err.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/ssl_err.c,v retrieving revision 1.6 diff -u -r1.6 ssl_err.c --- lib/libssl/src/ssl/ssl_err.c 2001/06/22 00:03:41 1.6 +++ lib/libssl/src/ssl/ssl_err.c 2002/07/30 08:49:00 @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -273,6 +273,7 @@ {SSL_R_INVALID_COMMAND ,"invalid command"}, {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, {SSL_R_INVALID_TRUST ,"invalid trust"}, +{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, {SSL_R_LENGTH_MISMATCH ,"length mismatch"}, {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, {SSL_R_LIBRARY_BUG ,"library bug"}, @@ -340,6 +341,7 @@ {SSL_R_SHORT_READ ,"short read"}, {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, +{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, Index: lib/libssl/src/ssl/ssl_lib.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/ssl_lib.c,v retrieving revision 1.6 diff -u -r1.6 ssl_lib.c --- lib/libssl/src/ssl/ssl_lib.c 2001/06/22 00:03:41 1.6 +++ lib/libssl/src/ssl/ssl_lib.c 2002/07/30 08:49:01 @@ -2072,3 +2072,10 @@ IMPLEMENT_STACK_OF(SSL_CIPHER) IMPLEMENT_STACK_OF(SSL_COMP) + +void OpenSSLDie(const char *file,int line,const char *assertion) + { + fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); + } Index: lib/libssl/src/ssl/ssl_locl.h =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/ssl_locl.h,v retrieving revision 1.5 diff -u -r1.5 ssl_locl.h --- lib/libssl/src/ssl/ssl_locl.h 2001/06/22 00:03:41 1.5 +++ lib/libssl/src/ssl/ssl_locl.h 2002/07/30 08:49:02 @@ -605,5 +605,8 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) #endif Index: lib/libssl/src/ssl/ssl_sess.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/ssl_sess.c,v retrieving revision 1.5 diff -u -r1.5 ssl_sess.c --- lib/libssl/src/ssl/ssl_sess.c 2001/06/22 00:03:41 1.5 +++ lib/libssl/src/ssl/ssl_sess.c 2002/07/30 08:49:02 @@ -199,6 +199,7 @@ ss->session_id_length=0; } + die(s->sid_ctx_length <= sizeof ss->sid_ctx); memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); ss->sid_ctx_length=s->sid_ctx_length; s->session=ss;