gnu/packages/patches/openssl-CVE-2016-2177.patch

   1 Fix CVE-2016-2177.
   2
   3 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177>
   4
   5 Source:
   6 <https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7>
   7
   8 From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
   9 From: Matt Caswell <matt@openssl.org>
  10 Date: Thu, 5 May 2016 11:10:26 +0100
  11 Subject: [PATCH] Avoid some undefined pointer arithmetic
  12
  13 A common idiom in the codebase is:
  14
  15 if (p + len > limit)
  16 {
  17     return; /* Too long */
  18 }
  19
  20 Where "p" points to some malloc'd data of SIZE bytes and
  21 limit == p + SIZE
  22
  23 "len" here could be from some externally supplied data (e.g. from a TLS
  24 message).
  25
  26 The rules of C pointer arithmetic are such that "p + len" is only well
  27 defined where len <= SIZE. Therefore the above idiom is actually
  28 undefined behaviour.
  29
  30 For example this could cause problems if some malloc implementation
  31 provides an address for "p" such that "p + len" actually overflows for
  32 values of len that are too big and therefore p + len < limit!
  33
  34 Issue reported by Guido Vranken.
  35
  36 CVE-2016-2177
  37
  38 Reviewed-by: Rich Salz <rsalz@openssl.org>
  39 ---
  40  ssl/s3_srvr.c  | 14 +++++++-------
  41  ssl/ssl_sess.c |  2 +-
  42  ssl/t1_lib.c   | 56 ++++++++++++++++++++++++++++++--------------------------
  43  3 files changed, 38 insertions(+), 34 deletions(-)
  44
  45 diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
  46 index ab28702..ab7f690 100644
  47 --- a/ssl/s3_srvr.c
  48 +++ b/ssl/s3_srvr.c
  49 @@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
  50
  51          session_length = *(p + SSL3_RANDOM_SIZE);
  52
  53 -        if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
  54 +        if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
  55              al = SSL_AD_DECODE_ERROR;
  56              SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
  57              goto f_err;
  58 @@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
  59      /* get the session-id */
  60      j = *(p++);
  61
  62 -    if (p + j > d + n) {
  63 +    if ((d + n) - p < j) {
  64          al = SSL_AD_DECODE_ERROR;
  65          SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
  66          goto f_err;
  67 @@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
  68
  69      if (SSL_IS_DTLS(s)) {
  70          /* cookie stuff */
  71 -        if (p + 1 > d + n) {
  72 +        if ((d + n) - p < 1) {
  73              al = SSL_AD_DECODE_ERROR;
  74              SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
  75              goto f_err;
  76          }
  77          cookie_len = *(p++);
  78
  79 -        if (p + cookie_len > d + n) {
  80 +        if ((d + n ) - p < cookie_len) {
  81              al = SSL_AD_DECODE_ERROR;
  82              SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
  83              goto f_err;
  84 @@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
  85          }
  86      }
  87
  88 -    if (p + 2 > d + n) {
  89 +    if ((d + n ) - p < 2) {
  90          al = SSL_AD_DECODE_ERROR;
  91          SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
  92          goto f_err;
  93 @@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
  94      }
  95
  96      /* i bytes of cipher data + 1 byte for compression length later */
  97 -    if ((p + i + 1) > (d + n)) {
  98 +    if ((d + n) - p < i + 1) {
  99          /* not enough data */
 100          al = SSL_AD_DECODE_ERROR;
 101          SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
 102 @@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
 103
 104      /* compression */
 105      i = *(p++);
 106 -    if ((p + i) > (d + n)) {
 107 +    if ((d + n) - p < i) {
 108          /* not enough data */
 109          al = SSL_AD_DECODE_ERROR;
 110          SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
 111 diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
 112 index b182998..54ee783 100644
 113 --- a/ssl/ssl_sess.c
 114 +++ b/ssl/ssl_sess.c
 115 @@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 116      int r;
 117  #endif
 118
 119 -    if (session_id + len > limit) {
 120 +    if (limit - session_id < len) {
 121          fatal = 1;
 122          goto err;
 123      }
 124 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
 125 index fb64607..cdac011 100644
 126 --- a/ssl/t1_lib.c
 127 +++ b/ssl/t1_lib.c
 128 @@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
 129          0x02, 0x03,             /* SHA-1/ECDSA */
 130      };
 131
 132 -    if (data >= (limit - 2))
 133 +    if (limit - data <= 2)
 134          return;
 135      data += 2;
 136
 137 -    if (data > (limit - 4))
 138 +    if (limit - data < 4)
 139          return;
 140      n2s(data, type);
 141      n2s(data, size);
 142 @@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
 143      if (type != TLSEXT_TYPE_server_name)
 144          return;
 145
 146 -    if (data + size > limit)
 147 +    if (limit - data < size)
 148          return;
 149      data += size;
 150
 151 @@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
 152          const size_t len1 = sizeof(kSafariExtensionsBlock);
 153          const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
 154
 155 -        if (data + len1 + len2 != limit)
 156 +        if (limit - data != (int)(len1 + len2))
 157              return;
 158          if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
 159              return;
 160 @@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
 161      } else {
 162          const size_t len = sizeof(kSafariExtensionsBlock);
 163
 164 -        if (data + len != limit)
 165 +        if (limit - data != (int)(len))
 166              return;
 167          if (memcmp(data, kSafariExtensionsBlock, len) != 0)
 168              return;
 169 @@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
 170      if (data == limit)
 171          goto ri_check;
 172
 173 -    if (data > (limit - 2))
 174 +    if (limit - data < 2)
 175          goto err;
 176
 177      n2s(data, len);
 178
 179 -    if (data + len != limit)
 180 +    if (limit - data != len)
 181          goto err;
 182
 183 -    while (data <= (limit - 4)) {
 184 +    while (limit - data >= 4) {
 185          n2s(data, type);
 186          n2s(data, size);
 187
 188 -        if (data + size > (limit))
 189 +        if (limit - data < size)
 190              goto err;
 191  # if 0
 192          fprintf(stderr, "Received extension type %d size %d\n", type, size);
 193 @@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
 194      if (s->hit || s->cert->srv_ext.meths_count == 0)
 195          return 1;
 196
 197 -    if (data >= limit - 2)
 198 +    if (limit - data <= 2)
 199          return 1;
 200      n2s(data, len);
 201
 202 -    if (data > limit - len)
 203 +    if (limit - data < len)
 204          return 1;
 205
 206 -    while (data <= limit - 4) {
 207 +    while (limit - data >= 4) {
 208          n2s(data, type);
 209          n2s(data, size);
 210
 211 -        if (data + size > limit)
 212 +        if (limit - data < size)
 213              return 1;
 214          if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
 215              return 0;
 216 @@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
 217                               SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
 218  # endif
 219
 220 -    if (data >= (d + n - 2))
 221 +    if ((d + n) - data <= 2)
 222          goto ri_check;
 223
 224      n2s(data, length);
 225 -    if (data + length != d + n) {
 226 +    if ((d + n) - data != length) {
 227          *al = SSL_AD_DECODE_ERROR;
 228          return 0;
 229      }
 230
 231 -    while (data <= (d + n - 4)) {
 232 +    while ((d + n) - data >= 4) {
 233          n2s(data, type);
 234          n2s(data, size);
 235
 236 -        if (data + size > (d + n))
 237 +        if ((d + n) - data < size)
 238              goto ri_check;
 239
 240          if (s->tlsext_debug_cb)
 241 @@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 242      /* Skip past DTLS cookie */
 243      if (SSL_IS_DTLS(s)) {
 244          i = *(p++);
 245 -        p += i;
 246 -        if (p >= limit)
 247 +
 248 +        if (limit - p <= i)
 249              return -1;
 250 +
 251 +        p += i;
 252      }
 253      /* Skip past cipher list */
 254      n2s(p, i);
 255 -    p += i;
 256 -    if (p >= limit)
 257 +    if (limit - p <= i)
 258          return -1;
 259 +    p += i;
 260 +
 261      /* Skip past compression algorithm list */
 262      i = *(p++);
 263 -    p += i;
 264 -    if (p > limit)
 265 +    if (limit - p < i)
 266          return -1;
 267 +    p += i;
 268 +
 269      /* Now at start of extensions */
 270 -    if ((p + 2) >= limit)
 271 +    if (limit - p <= 2)
 272          return 0;
 273      n2s(p, i);
 274 -    while ((p + 4) <= limit) {
 275 +    while (limit - p >= 4) {
 276          unsigned short type, size;
 277          n2s(p, type);
 278          n2s(p, size);
 279 -        if (p + size > limit)
 280 +        if (limit - p < size)
 281              return 0;
 282          if (type == TLSEXT_TYPE_session_ticket) {
 283              int r;
 284 --
 285 2.8.4
 286