From: Matt Caswell Date: Fri, 14 Dec 2018 07:28:30 +0000 (+0000) Subject: Go into the error state if a fatal alert is sent or received X-Git-Tag: OpenSSL_1_0_2r~3 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e;ds=sidebyside Go into the error state if a fatal alert is sent or received If an application calls SSL_shutdown after a fatal alert has occured and then behaves different based on error codes from that function then the application may be vulnerable to a padding oracle. CVE-2019-1559 Reviewed-by: Richard Levitte --- diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 23aa9dbce4..c7fe97727b 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 6527df8ce2..830b7237a2 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; @@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; - /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) - SSL_CTX_remove_session(s->session_ctx, s->session); + /* If a fatal one, remove from cache and go into the error state */ + if (level == SSL3_AL_FATAL) { + if (s->session != NULL) + SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; + } s->s3->alert_dispatch = 1; s->s3->send_alert[0] = level;