diff options
| author | jsing <> | 2016-11-03 16:23:30 +0000 | 
|---|---|---|
| committer | jsing <> | 2016-11-03 16:23:30 +0000 | 
| commit | d07ab8493c1e46771ae09a29033803992ac3510b (patch) | |
| tree | 5b346c507a4dc36d5e4f9c2abc2489a74b5f199e | |
| parent | 870784c7c9e80385972d13782f00af20416c8144 (diff) | |
| download | openbsd-d07ab8493c1e46771ae09a29033803992ac3510b.tar.gz openbsd-d07ab8493c1e46771ae09a29033803992ac3510b.tar.bz2 openbsd-d07ab8493c1e46771ae09a29033803992ac3510b.zip | |
In ssl3_read_bytes(), do not process more than three consecutive TLS
records, otherwise a peer can potentially cause us to loop indefinately.
Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose
when they want to handle further processing for this connection.
ok beck@ miod@
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 28 | 
1 files changed, 24 insertions, 4 deletions
| diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 0e97be6728..8d4212d4a1 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.58 2016/07/10 23:07:34 tedu Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.59 2016/11/03 16:23:30 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -839,10 +839,11 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 839 | int | 839 | int | 
| 840 | ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | 840 | ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | 
| 841 | { | 841 | { | 
| 842 | int al, i, j, ret; | 842 | void (*cb)(const SSL *ssl, int type2, int val) = NULL; | 
| 843 | int al, i, j, ret, rrcount = 0; | ||
| 843 | unsigned int n; | 844 | unsigned int n; | 
| 844 | SSL3_RECORD *rr; | 845 | SSL3_RECORD *rr; | 
| 845 | void (*cb)(const SSL *ssl, int type2, int val) = NULL; | 846 | BIO *bio; | 
| 846 | 847 | ||
| 847 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | 848 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | 
| 848 | if (!ssl3_setup_read_buffer(s)) | 849 | if (!ssl3_setup_read_buffer(s)) | 
| @@ -896,7 +897,27 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
| 896 | return (-1); | 897 | return (-1); | 
| 897 | } | 898 | } | 
| 898 | } | 899 | } | 
| 900 | |||
| 899 | start: | 901 | start: | 
| 902 | /* | ||
| 903 | * Do not process more than three consecutive records, otherwise the | ||
| 904 | * peer can cause us to loop indefinitely. Instead, return with an | ||
| 905 | * SSL_ERROR_WANT_READ so the caller can choose when to handle further | ||
| 906 | * processing. In the future, the total number of non-handshake and | ||
| 907 | * non-application data records per connection should probably also be | ||
| 908 | * limited... | ||
| 909 | */ | ||
| 910 | if (rrcount++ >= 3) { | ||
| 911 | if ((bio = SSL_get_rbio(s)) == NULL) { | ||
| 912 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 913 | return -1; | ||
| 914 | } | ||
| 915 | BIO_clear_retry_flags(bio); | ||
| 916 | BIO_set_retry_read(bio); | ||
| 917 | s->rwstate = SSL_READING; | ||
| 918 | return -1; | ||
| 919 | } | ||
| 920 | |||
| 900 | s->rwstate = SSL_NOTHING; | 921 | s->rwstate = SSL_NOTHING; | 
| 901 | 922 | ||
| 902 | /* | 923 | /* | 
| @@ -1050,7 +1071,6 @@ start: | |||
| 1050 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) { | 1071 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) { | 
| 1051 | if (s->s3->rbuf.left == 0) { | 1072 | if (s->s3->rbuf.left == 0) { | 
| 1052 | /* no read-ahead left? */ | 1073 | /* no read-ahead left? */ | 
| 1053 | BIO *bio; | ||
| 1054 | /* In the case where we try to read application data, | 1074 | /* In the case where we try to read application data, | 
| 1055 | * but we trigger an SSL handshake, we return -1 with | 1075 | * but we trigger an SSL handshake, we return -1 with | 
| 1056 | * the retry option set. Otherwise renegotiation may | 1076 | * the retry option set. Otherwise renegotiation may | 
