diff options
| author | beck <> | 2017-01-26 07:20:57 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-26 07:20:57 +0000 |
| commit | 4da4912184d7585c1156f7bf674490329e917635 (patch) | |
| tree | 7084b69c15aff2f1f2fea63626df9a5f51b4cb83 /src | |
| parent | 658d10735b253d1c476eedc1f621c0865c0baa52 (diff) | |
| download | openbsd-4da4912184d7585c1156f7bf674490329e917635.tar.gz openbsd-4da4912184d7585c1156f7bf674490329e917635.tar.bz2 openbsd-4da4912184d7585c1156f7bf674490329e917635.zip | |
Limit the number of sequential empty records that we will process
before yielding, and fail if we exceed a maximum. loosely based
on what boring and openssl are doing
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_err.c | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_pkt.c | 25 |
4 files changed, 30 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 05669aea8e..2122fea936 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.124 2017/01/26 00:29:04 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.125 2017/01/26 07:20:57 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2064,6 +2064,7 @@ void ERR_load_SSL_strings(void); | |||
| 2064 | #define SSL_R_WRONG_VERSION_NUMBER 267 | 2064 | #define SSL_R_WRONG_VERSION_NUMBER 267 |
| 2065 | #define SSL_R_X509_LIB 268 | 2065 | #define SSL_R_X509_LIB 268 |
| 2066 | #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 | 2066 | #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 |
| 2067 | #define SSL_R_PEER_BEHAVING_BADLY 666 | ||
| 2067 | 2068 | ||
| 2068 | #ifdef __cplusplus | 2069 | #ifdef __cplusplus |
| 2069 | } | 2070 | } |
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 04742b60ca..efe3e9473f 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_err.c,v 1.30 2017/01/26 07:20:57 beck Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -597,6 +597,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { | |||
| 597 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, | 597 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, |
| 598 | {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, | 598 | {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, |
| 599 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, | 599 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, |
| 600 | {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY) ,"peer is doing strange or hostile things"}, | ||
| 600 | {0, NULL} | 601 | {0, NULL} |
| 601 | }; | 602 | }; |
| 602 | 603 | ||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 6834592516..215d4ad0b0 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.170 2017/01/26 06:32:58 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.171 2017/01/26 07:20:57 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -352,6 +352,8 @@ __BEGIN_HIDDEN_DECLS | |||
| 352 | #define SSL_PKEY_GOST01 6 | 352 | #define SSL_PKEY_GOST01 6 |
| 353 | #define SSL_PKEY_NUM 7 | 353 | #define SSL_PKEY_NUM 7 |
| 354 | 354 | ||
| 355 | #define SSL_MAX_EMPTY_RECORDS 32 | ||
| 356 | |||
| 355 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | 357 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | |
| 356 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | 358 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) |
| 357 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) | 359 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) |
| @@ -770,6 +772,8 @@ typedef struct ssl_internal_st { | |||
| 770 | int rstate; /* where we are when reading */ | 772 | int rstate; /* where we are when reading */ |
| 771 | 773 | ||
| 772 | int mac_packet; | 774 | int mac_packet; |
| 775 | |||
| 776 | int empty_record_count; | ||
| 773 | } SSL_INTERNAL; | 777 | } SSL_INTERNAL; |
| 774 | 778 | ||
| 775 | typedef struct ssl3_state_internal_st { | 779 | typedef struct ssl3_state_internal_st { |
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 6d1a8481ee..a58a4b6656 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_pkt.c,v 1.3 2017/01/26 06:39:08 beck Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.4 2017/01/26 07:20:57 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -337,7 +337,7 @@ ssl3_get_record(SSL *s) | |||
| 337 | rr = &(S3I(s)->rrec); | 337 | rr = &(S3I(s)->rrec); |
| 338 | sess = s->session; | 338 | sess = s->session; |
| 339 | 339 | ||
| 340 | again: | 340 | again: |
| 341 | /* check if we have the header */ | 341 | /* check if we have the header */ |
| 342 | if ((s->internal->rstate != SSL_ST_READ_BODY) || | 342 | if ((s->internal->rstate != SSL_ST_READ_BODY) || |
| 343 | (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) { | 343 | (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) { |
| @@ -535,9 +535,26 @@ again: | |||
| 535 | /* we have pulled in a full packet so zero things */ | 535 | /* we have pulled in a full packet so zero things */ |
| 536 | s->internal->packet_length = 0; | 536 | s->internal->packet_length = 0; |
| 537 | 537 | ||
| 538 | /* just read a 0 length packet */ | 538 | if (rr->length == 0) { |
| 539 | if (rr->length == 0) | 539 | /* |
| 540 | * CBC countermeasures for known IV weaknesses | ||
| 541 | * can legitimately insert single empty record, | ||
| 542 | * so we allow ourselves to read once past a single | ||
| 543 | * empty record without forcing want_read. | ||
| 544 | */ | ||
| 545 | if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { | ||
| 546 | SSLerr(SSL_F_SSL3_GET_RECORD, | ||
| 547 | SSL_R_PEER_BEHAVING_BADLY); | ||
| 548 | return -1; | ||
| 549 | } | ||
| 550 | if (s->internal->empty_record_count > 1) { | ||
| 551 | ssl_force_want_read(s); | ||
| 552 | return -1; | ||
| 553 | } | ||
| 540 | goto again; | 554 | goto again; |
| 555 | } else { | ||
| 556 | s->internal->empty_record_count = 0; | ||
| 557 | } | ||
| 541 | 558 | ||
| 542 | return (1); | 559 | return (1); |
| 543 | 560 | ||