aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/openssl-CVE-2019-1559.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/openssl-CVE-2019-1559.patch')
-rw-r--r--gnu/packages/patches/openssl-CVE-2019-1559.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/gnu/packages/patches/openssl-CVE-2019-1559.patch b/gnu/packages/patches/openssl-CVE-2019-1559.patch
new file mode 100644
index 0000000000..3e630037b5
--- /dev/null
+++ b/gnu/packages/patches/openssl-CVE-2019-1559.patch
@@ -0,0 +1,60 @@
+From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 14 Dec 2018 07:28:30 +0000
+Subject: [PATCH] Go into the error state if a fatal alert is sent or received
+
+If an application calls SSL_shutdown after a fatal alert has occured and
+then behaves different based on error codes from that function then the
+application may be vulnerable to a padding oracle.
+
+CVE-2019-1559
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+---
+ ssl/d1_pkt.c | 1 +
+ ssl/s3_pkt.c | 10 +++++++---
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
+index 23aa9db..c7fe977 100644
+--- a/ssl/d1_pkt.c
++++ b/ssl/d1_pkt.c
+@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ SSL_CTX_remove_session(s->session_ctx, s->session);
++ s->state = SSL_ST_ERR;
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 6527df8..830b723 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ SSL_CTX_remove_session(s->session_ctx, s->session);
++ s->state = SSL_ST_ERR;
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
+ * protocol_version alerts */
+ if (desc < 0)
+ return -1;
+- /* If a fatal one, remove from cache */
+- if ((level == 2) && (s->session != NULL))
+- SSL_CTX_remove_session(s->session_ctx, s->session);
++ /* If a fatal one, remove from cache and go into the error state */
++ if (level == SSL3_AL_FATAL) {
++ if (s->session != NULL)
++ SSL_CTX_remove_session(s->session_ctx, s->session);
++ s->state = SSL_ST_ERR;
++ }
+
+ s->s3->alert_dispatch = 1;
+ s->s3->send_alert[0] = level;
+--
+2.7.4
+