| 1 | From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001 |
| 2 | From: Matt Caswell <matt@openssl.org> |
| 3 | Date: Fri, 14 Dec 2018 07:28:30 +0000 |
| 4 | Subject: [PATCH] Go into the error state if a fatal alert is sent or received |
| 5 | |
| 6 | If an application calls SSL_shutdown after a fatal alert has occured and |
| 7 | then behaves different based on error codes from that function then the |
| 8 | application may be vulnerable to a padding oracle. |
| 9 | |
| 10 | CVE-2019-1559 |
| 11 | |
| 12 | Reviewed-by: Richard Levitte <levitte@openssl.org> |
| 13 | --- |
| 14 | ssl/d1_pkt.c | 1 + |
| 15 | ssl/s3_pkt.c | 10 +++++++--- |
| 16 | 2 files changed, 8 insertions(+), 3 deletions(-) |
| 17 | |
| 18 | diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c |
| 19 | index 23aa9db..c7fe977 100644 |
| 20 | --- a/ssl/d1_pkt.c |
| 21 | +++ b/ssl/d1_pkt.c |
| 22 | @@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) |
| 23 | ERR_add_error_data(2, "SSL alert number ", tmp); |
| 24 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; |
| 25 | SSL_CTX_remove_session(s->session_ctx, s->session); |
| 26 | + s->state = SSL_ST_ERR; |
| 27 | return (0); |
| 28 | } else { |
| 29 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 30 | diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c |
| 31 | index 6527df8..830b723 100644 |
| 32 | --- a/ssl/s3_pkt.c |
| 33 | +++ b/ssl/s3_pkt.c |
| 34 | @@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) |
| 35 | ERR_add_error_data(2, "SSL alert number ", tmp); |
| 36 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; |
| 37 | SSL_CTX_remove_session(s->session_ctx, s->session); |
| 38 | + s->state = SSL_ST_ERR; |
| 39 | return (0); |
| 40 | } else { |
| 41 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 42 | @@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc) |
| 43 | * protocol_version alerts */ |
| 44 | if (desc < 0) |
| 45 | return -1; |
| 46 | - /* If a fatal one, remove from cache */ |
| 47 | - if ((level == 2) && (s->session != NULL)) |
| 48 | - SSL_CTX_remove_session(s->session_ctx, s->session); |
| 49 | + /* If a fatal one, remove from cache and go into the error state */ |
| 50 | + if (level == SSL3_AL_FATAL) { |
| 51 | + if (s->session != NULL) |
| 52 | + SSL_CTX_remove_session(s->session_ctx, s->session); |
| 53 | + s->state = SSL_ST_ERR; |
| 54 | + } |
| 55 | |
| 56 | s->s3->alert_dispatch = 1; |
| 57 | s->s3->send_alert[0] = level; |
| 58 | -- |
| 59 | 2.7.4 |
| 60 | |