From 4da4912184d7585c1156f7bf674490329e917635 Mon Sep 17 00:00:00 2001 From: beck <> Date: Thu, 26 Jan 2017 07:20:57 +0000 Subject: Limit the number of sequential empty records that we will process before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@ --- src/lib/libssl/ssl.h | 3 ++- src/lib/libssl/ssl_err.c | 3 ++- src/lib/libssl/ssl_locl.h | 6 +++++- src/lib/libssl/ssl_pkt.c | 25 +++++++++++++++++++++---- 4 files changed, 30 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 05669aea8e..2122fea936 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.124 2017/01/26 00:29:04 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.125 2017/01/26 07:20:57 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2064,6 +2064,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_WRONG_VERSION_NUMBER 267 #define SSL_R_X509_LIB 268 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 +#define SSL_R_PEER_BEHAVING_BADLY 666 #ifdef __cplusplus } diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 04742b60ca..efe3e9473f 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.30 2017/01/26 07:20:57 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -597,6 +597,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, + {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY) ,"peer is doing strange or hostile things"}, {0, NULL} }; diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 6834592516..215d4ad0b0 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.170 2017/01/26 06:32:58 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.171 2017/01/26 07:20:57 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -352,6 +352,8 @@ __BEGIN_HIDDEN_DECLS #define SSL_PKEY_GOST01 6 #define SSL_PKEY_NUM 7 +#define SSL_MAX_EMPTY_RECORDS 32 + /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) @@ -770,6 +772,8 @@ typedef struct ssl_internal_st { int rstate; /* where we are when reading */ int mac_packet; + + int empty_record_count; } SSL_INTERNAL; typedef struct ssl3_state_internal_st { diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 6d1a8481ee..a58a4b6656 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.3 2017/01/26 06:39:08 beck Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.4 2017/01/26 07:20:57 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -337,7 +337,7 @@ ssl3_get_record(SSL *s) rr = &(S3I(s)->rrec); sess = s->session; -again: + again: /* check if we have the header */ if ((s->internal->rstate != SSL_ST_READ_BODY) || (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) { @@ -535,9 +535,26 @@ again: /* we have pulled in a full packet so zero things */ s->internal->packet_length = 0; - /* just read a 0 length packet */ - if (rr->length == 0) + if (rr->length == 0) { + /* + * CBC countermeasures for known IV weaknesses + * can legitimately insert single empty record, + * so we allow ourselves to read once past a single + * empty record without forcing want_read. + */ + if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { + SSLerr(SSL_F_SSL3_GET_RECORD, + SSL_R_PEER_BEHAVING_BADLY); + return -1; + } + if (s->internal->empty_record_count > 1) { + ssl_force_want_read(s); + return -1; + } goto again; + } else { + s->internal->empty_record_count = 0; + } return (1); -- cgit v1.2.3-55-g6feb