current/SOURCES/openssl-1.0.1f-CVE-2014-0160.patch

From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 6 Apr 2014 00:51:06 +0100
Subject: [PATCH] Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
---
 ssl/d1_both.c |   26 ++++++++++++++++++--------
 ssl/t1_lib.c  |   14 +++++++++-----
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7a5596a..2e8cf68 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
        unsigned int payload;
        unsigned int padding = 16; /* Use minimum padding */
 
-       /* Read type and payload length first */
-       hbtype = *p++;
-       n2s(p, payload);
-       pl = p;
-
        if (s->msg_callback)
                s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
                        &s->s3->rrec.data[0], s->s3->rrec.length,
                        s, s->msg_callback_arg);
 
+       /* Read type and payload length first */
+       if (1 + 2 + 16 > s->s3->rrec.length)
+               return 0; /* silently discard */
+       hbtype = *p++;
+       n2s(p, payload);
+       if (1 + 2 + payload + 16 > s->s3->rrec.length)
+               return 0; /* silently discard per RFC 6520 sec. 4 */
+       pl = p;
+
        if (hbtype == TLS1_HB_REQUEST)
                {
                unsigned char *buffer, *bp;
+               unsigned int write_length = 1 /* heartbeat type */ +
+                                           2 /* heartbeat length */ +
+                                           payload + padding;
                int r;
 
+               if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+                       return 0;
+
                /* Allocate memory for the response, size is 1 byte
                 * message type, plus 2 bytes payload length, plus
                 * payload, plus padding
                 */
-               buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+               buffer = OPENSSL_malloc(write_length);
                bp = buffer;
 
                /* Enter response type, length and copy payload */
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
                /* Random padding */
                RAND_pseudo_bytes(bp, padding);
 
-               r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+               r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
 
                if (r >= 0 && s->msg_callback)
                        s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                               buffer, 3 + payload + padding,
+                               buffer, write_length,
                                s, s->msg_callback_arg);
 
                OPENSSL_free(buffer);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b82fada..bddffd9 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
        unsigned int payload;
        unsigned int padding = 16; /* Use minimum padding */
 
-       /* Read type and payload length first */
-       hbtype = *p++;
-       n2s(p, payload);
-       pl = p;
-
        if (s->msg_callback)
                s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
                        &s->s3->rrec.data[0], s->s3->rrec.length,
                        s, s->msg_callback_arg);
 
+       /* Read type and payload length first */
+       if (1 + 2 + 16 > s->s3->rrec.length)
+               return 0; /* silently discard */
+       hbtype = *p++;
+       n2s(p, payload);
+       if (1 + 2 + payload + 16 > s->s3->rrec.length)
+               return 0; /* silently discard per RFC 6520 sec. 4 */
+       pl = p;
+
        if (hbtype == TLS1_HB_REQUEST)
                {
                unsigned char *buffer, *bp;
-- 
1.7.9.5

1	luigiwalser	612763	From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
2			From: "Dr. Stephen Henson" <steve@openssl.org>
3			Date: Sun, 6 Apr 2014 00:51:06 +0100
4			Subject: [PATCH] Add heartbeat extension bounds check.
5
6			A missing bounds check in the handling of the TLS heartbeat extension
7			can be used to reveal up to 64k of memory to a connected client or
8			server.
9
10			Thanks for Neel Mehta of Google Security for discovering this bug and to
11			Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
12			preparing the fix (CVE-2014-0160)
13			---
14			ssl/d1_both.c \| 26 ++++++++++++++++++--------
15			ssl/t1_lib.c \| 14 +++++++++-----
16			2 files changed, 25 insertions(+), 13 deletions(-)
17
18			diff --git a/ssl/d1_both.c b/ssl/d1_both.c
19			index 7a5596a..2e8cf68 100644
20			--- a/ssl/d1_both.c
21			+++ b/ssl/d1_both.c
22			@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
23			unsigned int payload;
24			unsigned int padding = 16; /* Use minimum padding */
25
26			- /* Read type and payload length first */
27			- hbtype = *p++;
28			- n2s(p, payload);
29			- pl = p;
30			-
31			if (s->msg_callback)
32			s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
33			&s->s3->rrec.data[0], s->s3->rrec.length,
34			s, s->msg_callback_arg);
35
36			+ /* Read type and payload length first */
37			+ if (1 + 2 + 16 > s->s3->rrec.length)
38			+ return 0; /* silently discard */
39			+ hbtype = *p++;
40			+ n2s(p, payload);
41			+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
42			+ return 0; /* silently discard per RFC 6520 sec. 4 */
43			+ pl = p;
44			+
45			if (hbtype == TLS1_HB_REQUEST)
46			{
47			unsigned char buffer, bp;
48			+ unsigned int write_length = 1 /* heartbeat type */ +
49			+ 2 /* heartbeat length */ +
50			+ payload + padding;
51			int r;
52
53			+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
54			+ return 0;
55			+
56			/* Allocate memory for the response, size is 1 byte
57			* message type, plus 2 bytes payload length, plus
58			* payload, plus padding
59			*/
60			- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
61			+ buffer = OPENSSL_malloc(write_length);
62			bp = buffer;
63
64			/* Enter response type, length and copy payload */
65			@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
66			/* Random padding */
67			RAND_pseudo_bytes(bp, padding);
68
69			- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
70			+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
71
72			if (r >= 0 && s->msg_callback)
73			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
74			- buffer, 3 + payload + padding,
75			+ buffer, write_length,
76			s, s->msg_callback_arg);
77
78			OPENSSL_free(buffer);
79			diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
80			index b82fada..bddffd9 100644
81			--- a/ssl/t1_lib.c
82			+++ b/ssl/t1_lib.c
83			@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
84			unsigned int payload;
85			unsigned int padding = 16; /* Use minimum padding */
86
87			- /* Read type and payload length first */
88			- hbtype = *p++;
89			- n2s(p, payload);
90			- pl = p;
91			-
92			if (s->msg_callback)
93			s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
94			&s->s3->rrec.data[0], s->s3->rrec.length,
95			s, s->msg_callback_arg);
96
97			+ /* Read type and payload length first */
98			+ if (1 + 2 + 16 > s->s3->rrec.length)
99			+ return 0; /* silently discard */
100			+ hbtype = *p++;
101			+ n2s(p, payload);
102			+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
103			+ return 0; /* silently discard per RFC 6520 sec. 4 */
104			+ pl = p;
105			+
106			if (hbtype == TLS1_HB_REQUEST)
107			{
108			unsigned char buffer, bp;
109			--
110			1.7.9.5
111