From: Dr. Stephen Henson Date: Thu, 10 May 2012 16:03:52 +0000 (+0000) Subject: Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and X-Git-Tag: master-post-reformat~1830 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c46ecc3a55bcbbe4ff31da3864d015e343b0189f;p=oweals%2Fopenssl.git Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) --- diff --git a/CHANGES b/CHANGES index 8425bb37ea..2656e6616e 100644 --- a/CHANGES +++ b/CHANGES @@ -292,6 +292,14 @@ Changes between 1.0.1b and 1.0.1c [xx XXX xxxx] + *) Sanity check record length before skipping explicit IV in TLS + 1.2, 1.1 and DTLS to avoid DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + *) Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue. [Steve Henson] diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index becbab91c2..07a5e97ce5 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send) } /* TLS 1.0 does not bound the number of padding bytes by the block size. * All of them must have value 'padding_length'. */ - if (i > (int)rec->length) + if (i + bs > (int)rec->length) { /* Incorrect padding. SSLerr() and ssl3_alert are done * by caller: we don't want to reveal whether this is diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 201ca9ad6d..f7bdeb3b9d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -889,6 +889,8 @@ int tls1_enc(SSL *s, int send) if (s->version >= TLS1_1_VERSION && EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE) { + if (bs > (int)rec->length) + return -1; rec->data += bs; /* skip the explicit IV */ rec->input += bs; rec->length -= bs;