From 9d401013fc61b0ca51cd557b9922052b2c3cce26 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 5 Nov 2019 15:07:55 +0100 Subject: [PATCH] ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102 Signed-off-by: Jo-Philipp Wich (cherry picked from commit c5d5cdb759adc890ce6699117b7119acf280ce77) --- package/libs/ustream-ssl/Makefile | 2 +- ...stream-ssl-skip-writing-pending-data.patch | 56 +++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile index 2ea5bf0bd5..86c2d025a0 100644 --- a/package/libs/ustream-ssl/Makefile +++ b/package/libs/ustream-ssl/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ustream-ssl -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git diff --git a/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch new file mode 100644 index 0000000000..e6f08c19e3 --- /dev/null +++ b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch @@ -0,0 +1,56 @@ +From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001 +From: Jo-Philipp Wich +Date: Wed, 11 Sep 2019 21:09:59 +0200 +Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after + connect + +Check the .eof member of the underlying ustream after the call to +__ustream_ssl_connect() since existing users of the library appear +to set the eof flag as a way to signal connection termination upon +failing certificate verification. + +This is a stop-gap measure to address TALOS-2019-0893 but a proper +API redesign is required to give applications proper control over +whether certificate failures are to be ignored or not and the default +implementation without custom callbacks should always terminate on +verification failures. + +Signed-off-by: Jo-Philipp Wich +--- + ustream-ssl.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/ustream-ssl.c b/ustream-ssl.c +index e6b084b..47f66d6 100644 +--- a/ustream-ssl.c ++++ b/ustream-ssl.c +@@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us) + return; + + if (__ustream_ssl_connect(us) == U_SSL_OK) { ++ ++ /* __ustream_ssl_connect() will also return U_SSL_OK when certificate ++ * verification failed! ++ * ++ * Applications may register a custom .notify_verify_error callback in the ++ * struct ustream_ssl which is called upon verification failures, but there ++ * is no straight forward way for the callback to terminate the connection ++ * initiation right away, e.g. through a true or false return value. ++ * ++ * Instead, existing implementations appear to set .eof field of the underlying ++ * ustream in the hope that this inhibits further operations on the stream. ++ * ++ * Declare this informal behaviour "official" and check for the state of the ++ * .eof member after __ustream_ssl_connect() returned, and do not write the ++ * pending data if it is set to true. ++ */ ++ ++ if (us->stream.eof) ++ return; ++ + us->connected = true; + if (us->notify_connected) + us->notify_connected(us); +-- +2.20.1 + -- 2.25.1