From 354f92d66ad9b0aa83bb0eb6e6faf6c9bbab13d0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 24 Mar 2010 13:16:42 +0000 Subject: [PATCH] Submitted by: Bodo Moeller and Adam Langley (Google). Fix for "Record of death" vulnerability CVE-2010-0740. --- CHANGES | 11 ++++++++++- ssl/s3_pkt.c | 6 +++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index ce053771e3..b350da79f6 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,16 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8m and 0.9.8n [xx XXX xxxx] + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] + + *) When rejecting SSL/TLS records due to an incorrect version number, never + update s->server with a new major version number. As of + - OpenSSL 0.9.8m if 'short' is a 16-bit type, + - OpenSSL 0.9.8f if 'short' is longer than 16 bits, + the previous behavior could result in a read attempt at NULL when + receiving specific incorrect SSL/TLS records once record payload + protection is active. (CVE-2010-0740) + [Bodo Moeller, Adam Langley ] *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a2ba5748d5..5e3583c04d 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -291,9 +291,9 @@ again: if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - /* Send back error using their - * version number :-) */ - s->version=version; + if ((s->version & 0xFF00) == (version & 0xFF00)) + /* Send back error using their minor version number :-) */ + s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; goto f_err; } -- 2.25.1