author | delphij <delphij@FreeBSD.org> | 2014-04-08 18:27:39 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2014-04-08 18:27:39 +0000 |
commit | 7ec723c6aee5b9bd4d349753507de3cdaff593cc (patch) | |
tree | 63836521a1696dd5b815d28327fbb77945f5160e /crypto/openssl/ssl/t1_lib.c | |
parent | 6f50d7f0911bd0d0ad08c5683f442fe5134b4978 (diff) | |
Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
Diffstat (limited to 'crypto/openssl/ssl/t1_lib.c')
-rw-r--r-- | crypto/openssl/ssl/t1_lib.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index e08088c..0160726 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s)
 unsigned int payload;
 unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
 if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
 if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; |
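Review bot: Both added length checks hard-code the padding as `16` although the local `padding = 16` is declared in the context lines just above, so the bound and any later code that sizes the reply from `padding` can drift apart if the minimum is ever changed. I would write them as `if (1 + 2 + padding > s->s3->rrec.length)` and `if (1 + 2 + payload + padding > s->s3->rrec.length)`, with a short comment saying that 1 is the type byte and 2 is the length field read by `n2s`. The arithmetic itself looks safe, since `payload` is an unsigned int that appears to be filled from a two-byte field and so cannot wrap the sum. The discard is rightly silent toward the peer, but a claimed payload length larger than the record is a useful detection signal, so a local counter or trace at the two `return 0` sites would help operators notice it. The body of tls1_process_heartbeat starts and ends outside the hunk, so the reply path that consumes `payload` is not visible here.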