--- /dev/null
+From: Dr. Stephen Henson <steve@openssl.org>
+Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
+Subject: Add heartbeat extension bounds check.
+X-Git-Tag: OpenSSL_1_0_1g~3
+X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=96db902
+
+Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+preparing the fix (CVE-2014-0160)
+---
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
++ unsigned int write_length = 1 /* heartbeat type */ +
++ 2 /* heartbeat length */ +
++ payload + padding;
+ int r;
+
++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++ return 0;
++
+ /* Allocate memory for the response, size is 1 byte
+ * message type, plus 2 bytes payload length, plus
+ * payload, plus padding
+ */
+- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++ buffer = OPENSSL_malloc(write_length);
+ bp = buffer;
+
+ /* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ /* Random padding */
+ RAND_pseudo_bytes(bp, padding);
+
+- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+ if (r >= 0 && s->msg_callback)
+ s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+- buffer, 3 + payload + padding,
++ buffer, write_length,
+ s, s->msg_callback_arg);
+
+ OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
projects / people / ms / ipfire-3.x.git / commitdiff
