guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: openssl: Fix CVE-2019-1559.

From: guix-commits
Subject: 01/01: gnu: openssl: Fix CVE-2019-1559.
Date: Thu, 28 Feb 2019 18:01:01 -0500 (EST) 
nckx pushed a commit to branch master
in repository guix.

commit a92c6b1a2b5b8b69f248c732db4a11ddf130f0f1
Author: Tobias Geerinckx-Rice <address@hidden>
Date:   Thu Feb 28 23:53:26 2019 +0100

    gnu: openssl: Fix CVE-2019-1559.
    
    * gnu/packages/tls.scm (openssl)[replacement]: New field.
    (openssl/fixed): New variable.
    (openssl-next)[inherit]: Inherit from it instead.
    * gnu/packages/patches/openssl-CVE-2019-1559.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                     |  1 +
 gnu/packages/patches/openssl-CVE-2019-1559.patch | 60 ++++++++++++++++++++++++
 gnu/packages/tls.scm                             | 14 +++++-
 3 files changed, 73 insertions(+), 2 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 82050b9..c27bf97 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1098,6 +1098,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/openssl-runpath.patch                   \
   %D%/packages/patches/openssl-1.1-c-rehash-in.patch           \
   %D%/packages/patches/openssl-c-rehash-in.patch               \
+  %D%/packages/patches/openssl-CVE-2019-1559.patch             \
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch  \
   %D%/packages/patches/osip-CVE-2017-7853.patch                        \
   %D%/packages/patches/ots-no-include-missing-file.patch       \
diff --git a/gnu/packages/patches/openssl-CVE-2019-1559.patch 
b/gnu/packages/patches/openssl-CVE-2019-1559.patch
new file mode 100644
index 0000000..3e63003
--- /dev/null
+++ b/gnu/packages/patches/openssl-CVE-2019-1559.patch
@@ -0,0 +1,60 @@
+From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001
+From: Matt Caswell <address@hidden>
+Date: Fri, 14 Dec 2018 07:28:30 +0000
+Subject: [PATCH] Go into the error state if a fatal alert is sent or received
+
+If an application calls SSL_shutdown after a fatal alert has occured and
+then behaves different based on error codes from that function then the
+application may be vulnerable to a padding oracle.
+
+CVE-2019-1559
+
+Reviewed-by: Richard Levitte <address@hidden>
+---
+ ssl/d1_pkt.c |  1 +
+ ssl/s3_pkt.c | 10 +++++++---
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
+index 23aa9db..c7fe977 100644
+--- a/ssl/d1_pkt.c
++++ b/ssl/d1_pkt.c
+@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
+             ERR_add_error_data(2, "SSL alert number ", tmp);
+             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+             SSL_CTX_remove_session(s->session_ctx, s->session);
++            s->state = SSL_ST_ERR;
+             return (0);
+         } else {
+             al = SSL_AD_ILLEGAL_PARAMETER;
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 6527df8..830b723 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char 
*buf, int len, int peek)
+             ERR_add_error_data(2, "SSL alert number ", tmp);
+             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+             SSL_CTX_remove_session(s->session_ctx, s->session);
++            s->state = SSL_ST_ERR;
+             return (0);
+         } else {
+             al = SSL_AD_ILLEGAL_PARAMETER;
+@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
+                                           * protocol_version alerts */
+     if (desc < 0)
+         return -1;
+-    /* If a fatal one, remove from cache */
+-    if ((level == 2) && (s->session != NULL))
+-        SSL_CTX_remove_session(s->session_ctx, s->session);
++    /* If a fatal one, remove from cache and go into the error state */
++    if (level == SSL3_AL_FATAL) {
++        if (s->session != NULL)
++            SSL_CTX_remove_session(s->session_ctx, s->session);
++        s->state = SSL_ST_ERR;
++    }
+ 
+     s->s3->alert_dispatch = 1;
+     s->s3->send_alert[0] = level;
+-- 
+2.7.4
+
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c10b1a5..6e91a46 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -10,7 +10,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <address@hidden>
 ;;; Copyright © 2017 Ricardo Wurmus <address@hidden>
 ;;; Copyright © 2017, 2018 Marius Bakke <address@hidden>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <address@hidden>
+;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <address@hidden>
 ;;; Copyright © 2017 Rutger Helling <address@hidden>
 ;;; Copyright © 2018 Clément Lassieur <address@hidden>
 ;;;
@@ -271,6 +271,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl/fixed)
    (version "1.0.2p")
    (source (origin
              (method url-fetch)
@@ -399,9 +400,18 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/";)))
 
+(define-public openssl/fixed
+  (hidden-package
+   (package
+     (inherit openssl)
+     (source (origin
+               (inherit (package-source openssl))
+               (patches (append (origin-patches (package-source openssl))
+                                (search-patches 
"openssl-CVE-2019-1559.patch"))))))))
+
 (define-public openssl-next
   (package
-    (inherit openssl)
+    (inherit openssl/fixed)
     (name "openssl")
     (version "1.1.1a")
     (source (origin
reply via email to
[Prev in Thread] Current Thread [Next in Thread]