Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 18 Jan 2012 13:12:08 +0000 (13:12 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 18 Jan 2012 13:12:08 +0000 (13:12 +0000)
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)

CHANGES
ssl/d1_pkt.c

diff --git a/CHANGES b/CHANGES
index f15130e..edb48da 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 0.9.8s and 0.9.8t [xx XXX xxxx]
 
-  *)
+  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+     Thanks to Antonio Martin, Enterprise Secure Access Research and
+     Development, Cisco Systems, Inc. for discovering this bug and
+     preparing a fix. (CVE-2012-0050)
+     [Antonio Martin]
 
  Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
 
index 83702e5..b709ebb 100644 (file)
@@ -336,6 +336,7 @@ dtls1_process_record(SSL *s)
        unsigned int mac_size;
        unsigned char md[EVP_MAX_MD_SIZE];
        int decryption_failed_or_bad_record_mac = 0;
+       unsigned char *mac = NULL;
 
 
        rr= &(s->s3->rrec);
@@ -403,19 +404,15 @@ if (      (sess == NULL) ||
 #endif                 
                        }
                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-               if (rr->length < mac_size)
+               if (rr->length >= mac_size)
                        {
-#if 0 /* OK only for stream ciphers */
-                       al=SSL_AD_DECODE_ERROR;
-                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
-                       goto f_err;
-#else
-                       decryption_failed_or_bad_record_mac = 1;
-#endif
+                       rr->length -= mac_size;
+                       mac = &rr->data[rr->length];
                        }
-               rr->length-=mac_size;
+               else
+                       rr->length = 0;
                s->method->ssl3_enc->mac(s,md,0);
-               if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+               if (mac == NULL || memcmp(md, mac, mac_size) != 0)
                        {
                        decryption_failed_or_bad_record_mac = 1;
                        }