Commit bb6dafb953ac6c105b98a426696646ddae015625 - openssl

Make patches apply Kurt Roeckx 12 years ago

3 changed file(s) with 44 addition(s) and 47 deletion(s). Raw diff Collapse all Expand all

+14

-15

debian/patches/CVE-2011-4108.patch less more

0		diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
1		index e4f47e9..83702e5 100644
2		--- a/ssl/d1_pkt.c
3		+++ b/ssl/d1_pkt.c
4		@@ -335,6 +335,7 @@ dtls1_process_record(SSL *s)
	0	Index: openssl-0.9.8o/ssl/d1_pkt.c
	1	===================================================================
	2	--- openssl-0.9.8o.orig/ssl/d1_pkt.c 2010-04-14 00:09:39.000000000 +0000
	3	+++ openssl-0.9.8o/ssl/d1_pkt.c 2012-01-14 21:36:36.000000000 +0000
	4	@@ -338,6 +338,7 @@
5	5	SSL3_RECORD *rr;
6	6	unsigned int mac_size;
7	7	unsigned char md[EVP_MAX_MD_SIZE];

9	9
10	10
11	11	rr= &(s->s3->rrec);
12		@@ -369,13 +370,10 @@ dtls1_process_record(SSL *s)
	12	@@ -372,12 +373,10 @@
13	13	enc_err = s->method->ssl3_enc->enc(s,0);
14	14	if (enc_err <= 0)
15	15	{
16		- /* decryption failed, silently discard message */
17		- if (enc_err < 0)
18		- {
19		- rr->length = 0;
20		- s->packet_length = 0;
21		- }
	16	- if (enc_err == 0)
	17	- /* SSLerr() and ssl3_send_alert() have been called */
	18	- goto err;
	19	-
	20	- /* otherwise enc_err == -1 */
22	21	- goto err;
23	22	+ /* To minimize information leaked via timing, we will always
24	23	+ * perform all computations before discarding the message.

27	26	}
28	27
29	28	#ifdef TLS_DEBUG
30		@@ -401,7 +399,7 @@ if ( (sess == NULL) \|\|
	29	@@ -403,7 +402,7 @@
31	30	SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
32	31	goto f_err;
33	32	#else

36	35	#endif
37	36	}
38	37	/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
39		@@ -412,17 +410,25 @@ if ( (sess == NULL) \|\|
	38	@@ -414,17 +413,25 @@
40	39	SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
41	40	goto f_err;
42	41	#else

45	44	#endif
46	45	}
47	46	rr->length-=mac_size;
48		s->method->ssl3_enc->mac(s,md,0);
	47	i=s->method->ssl3_enc->mac(s,md,0);
49	48	if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
50	49	{
51	50	- goto err;

+24

-26

debian/patches/CVE-2011-4577.patch less more

0		diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
1		index d27a707..c0e1d2d 100644
2		--- a/crypto/x509v3/v3_addr.c
3		+++ b/crypto/x509v3/v3_addr.c
4		@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
	0	Index: openssl-0.9.8o/crypto/x509v3/v3_addr.c
	1	===================================================================
	2	--- openssl-0.9.8o.orig/crypto/x509v3/v3_addr.c 2012-01-14 21:41:17.000000000 +0000
	3	+++ openssl-0.9.8o/crypto/x509v3/v3_addr.c 2012-01-14 21:42:33.000000000 +0000
	4	@@ -142,12 +142,13 @@
5	5	* Expand the bitstring form of an address into a raw byte array.
6	6	* At the moment this is coded for simplicity, not speed.
7	7	*/

17	17	if (bs->length > 0) {
18	18	memcpy(addr, bs->data, bs->length);
19	19	if ((bs->flags & 7) != 0) {
20		@@ -159,6 +160,7 @@ static void addr_expand(unsigned char *addr,
	20	@@ -159,6 +160,7 @@
21	21	}
22	22	}
23	23	memset(addr + bs->length, fill, length - bs->length);

25	25	}
26	26
27	27	/*
28		@@ -181,15 +183,13 @@ static int i2r_address(BIO *out,
29		return 0;
	28	@@ -179,11 +181,13 @@
	29
30	30	switch (afi) {
31	31	case IANA_AFI_IPV4:
32		- if (bs->length > 4)
	32	- addr_expand(addr, bs, 4, fill);
33	33	+ if (!addr_expand(addr, bs, 4, fill))
34		return 0;
35		- addr_expand(addr, bs, 4, fill);
	34	+ return 0;
36	35	BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
37	36	break;
38	37	case IANA_AFI_IPV6:
39		- if (bs->length > 16)
	38	- addr_expand(addr, bs, 16, fill);
40	39	+ if (!addr_expand(addr, bs, 16, fill))
41		return 0;
42		- addr_expand(addr, bs, 16, fill);
	40	+ return 0;
43	41	for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
44	42	;
45	43	for (i = 0; i < n; i += 2)
46		@@ -315,6 +315,12 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
	44	@@ -309,6 +313,12 @@
47	45	/*
48	46	* Sort comparison function for a sequence of IPAddressOrRange
49	47	* elements.

56	54	*/
57	55	static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
58	56	const IPAddressOrRange *b,
59		@@ -327,22 +333,26 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
	57	@@ -321,22 +331,26 @@
60	58
61	59	switch (a->type) {
62	60	case IPAddressOrRange_addressPrefix:

87	85	prefixlen_b = length * 8;
88	86	break;
89	87	}
90		@@ -658,22 +668,22 @@ int v3_addr_add_range(IPAddrBlocks *addr,
	88	@@ -651,22 +665,22 @@
91	89	/*
92	90	* Extract min and max values from an IPAddressOrRange.
93	91	*/

118	116	}
119	117
120	118	/*
121		@@ -689,9 +699,10 @@ int v3_addr_get_range(IPAddressOrRange *aor,
	119	@@ -682,9 +696,10 @@
122	120	if (aor == NULL \|\| min == NULL \|\| max == NULL \|\|
123	121	afi_length == 0 \|\| length < afi_length \|\|
124	122	(aor->type != IPAddressOrRange_addressPrefix &&

131	129	return afi_length;
132	130	}
133	131
134		@@ -773,8 +784,9 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
	132	@@ -766,8 +781,9 @@
135	133	IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
136	134	IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
137	135

143	141
144	142	/*
145	143	* Punt misordered list, overlapping start, or inverted range.
146		@@ -809,7 +821,8 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
	144	@@ -801,7 +817,8 @@
147	145	{
148	146	IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
149		if (a != NULL && a->type == IPAddressOrRange_addressRange) {
	147	if (a->type == IPAddressOrRange_addressRange) {
150	148	- extract_min_max(a, a_min, a_max, length);
151	149	+ if (!extract_min_max(a, a_min, a_max, length))
152	150	+ return 0;
153		if (memcmp(a_min, a_max, length) > 0 \|\|
154		range_should_be_prefix(a_min, a_max, length) >= 0)
	151	if (range_should_be_prefix(a_min, a_max, length) >= 0)
155	152	return 0;
156		@@ -845,8 +858,9 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
	153	}
	154	@@ -836,8 +853,9 @@
157	155	unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
158	156	unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
159	157

164	162	+ return 0;
165	163
166	164	/*
167		* Punt inverted ranges.
168		@@ -1132,13 +1146,15 @@ static int addr_contains(IPAddressOrRanges *parent,
	165	* Punt overlaps.
	166	@@ -1097,13 +1115,15 @@
169	167
170	168	p = 0;
171	169	for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {

-6

debian/patches/dtls-fragment-alert.patch less more

0		diff --git a/ssl/d1_both.c b/ssl/d1_both.c
1		index 1c4158d..85f4d83 100644
2		--- a/ssl/d1_both.c
3		+++ b/ssl/d1_both.c
4		@@ -793,7 +793,13 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
	0	Index: openssl-0.9.8o/ssl/d1_both.c
	1	===================================================================
	2	--- openssl-0.9.8o.orig/ssl/d1_both.c 2010-05-03 13:01:59.000000000 +0000
	3	+++ openssl-0.9.8o/ssl/d1_both.c 2012-01-14 21:46:02.000000000 +0000
	4	@@ -806,7 +806,13 @@
5	5	*ok = 0;
6	6	return i;
7	7	}

16	16
17	17	/* parse the message fragment header */
18	18	dtls1_get_message_header(wire, &msg_hdr);
19		@@ -865,7 +871,12 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
	19	@@ -876,7 +882,12 @@
20	20
21	21	/* XDTLS: an incorrectly formatted fragment should cause the
22	22	* handshake to fail */