kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
e951ff4fc3
boringssl/ssl
History
Adam Langley e951ff4fc3 Fix memory leak from zero-length DTLS fragments. 
The |pqueue_insert| function can fail if one attempts to insert a
duplicate sequence number. When handling a fragment of an out of
sequence message, |dtls1_process_out_of_seq_message| would not call
|dtls1_reassemble_fragment| if the fragment's length was zero. It would
then allocate a fresh fragment and attempt to insert it, but ignore the
return value, leaking the fragment.

This allows an attacker to exhaust the memory of a DTLS peer.

Fixes CVE-2014-3507

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(Imported from upstream's 8ca4c4b25e050b881f3aad7017052842b888722d.)

Change-Id: I387e3f6467a0041f6367965ed3c1ad4377b9ac08
Reviewed-on: https://boringssl-review.googlesource.com/1435
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 21:09:00 +00:00
..
pqueue Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
test Retry sending record split fragment when SSL write fails. 2014-08-07 00:08:44 +00:00
CMakeLists.txt Add visibility rules. 2014-07-31 22:03:11 +00:00
d1_both.c Fix memory leak from zero-length DTLS fragments. 2014-08-07 21:09:00 +00:00
d1_clnt.c Remove ssl3_check_finished. 2014-07-23 15:52:38 +00:00
d1_enc.c Remove crypto/comp and SSL_COMP support code. 2014-06-24 17:22:06 +00:00
d1_lib.c DTLS: fix memory leak when allocation fails. 2014-06-26 17:46:27 -07:00
d1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
d1_pkt.c Remove OPENSSL_NO_TLS{,1} 2014-08-04 19:20:19 +00:00
d1_srtp.c Fix typo in DTLS-SRTP extension parsing. 2014-07-18 00:52:51 +00:00
d1_srvr.c Fix server-side ClientHello state machine. 2014-08-05 18:07:13 +00:00
s3_both.c Remove use of freelist_{extract,insert} 2014-08-04 20:14:51 +00:00
s3_cbc.c Remove OPENSSL_NO_SHA512 2014-08-04 20:13:54 +00:00
s3_clnt.c Add X509_up_ref and use it internally. 2014-08-07 00:06:34 +00:00
s3_enc.c Remove support code for export cipher suites. 2014-07-24 21:14:08 +00:00
s3_lib.c Remove remnants of OPENSSL_NO_CAMELLIA 2014-08-04 19:19:35 +00:00
s3_meth.c Inital import. 2014-06-20 13:17:32 -07:00
s3_pkt.c Retry sending record split fragment when SSL write fails. 2014-08-07 00:08:44 +00:00
s3_srvr.c Fix memory leak in ssl3_get_cert_verify. 2014-08-05 18:07:32 +00:00
s23_clnt.c Remove OPENSSL_MAX_TLS1_2_CIPHER_LENGTH. 2014-08-04 19:00:30 +00:00
s23_lib.c Remove some remnants of SSLv2 support. 2014-07-24 21:10:41 +00:00
s23_meth.c Remove OPENSSL_NO_TLS{,1} 2014-08-04 19:20:19 +00:00
s23_pkt.c Inital import. 2014-06-20 13:17:32 -07:00
s23_srvr.c Remove OPENSSL_FIPS blocks. 2014-07-07 20:31:50 +00:00
ssl_algs.c Inital import. 2014-06-20 13:17:32 -07:00
ssl_asn1.c unifdef OPENSSL_NO_PSK. 2014-07-24 21:11:05 +00:00
ssl_cert.c Don't X509_up_ref X509_STOREs. 2014-08-07 02:44:31 +00:00
ssl_ciph.c Make disabling last cipher work. 2014-07-28 17:05:13 -07:00
ssl_error.c Change CCS_OK to EXPECT_CCS. 2014-07-25 17:58:58 +00:00
ssl_lib.c Add X509_up_ref and use it internally. 2014-08-07 00:06:34 +00:00
ssl_locl.h Set OPENSSL_NO_BUF_FREELISTS 2014-08-04 20:14:33 +00:00
ssl_rsa.c Add X509_up_ref and use it internally. 2014-08-07 00:06:34 +00:00
ssl_sess.c unifdef OPENSSL_NO_PSK. 2014-07-24 21:11:05 +00:00
ssl_stat.c Consolidate CCS_OK paths in s3_clnt.c. 2014-07-25 17:49:12 +00:00
ssl_test.c Fix magic SSL reason codes. 2014-07-16 18:54:06 +00:00
ssl_txt.c unifdef OPENSSL_NO_PSK. 2014-07-24 21:11:05 +00:00
t1_clnt.c Inital import. 2014-06-20 13:17:32 -07:00
t1_enc.c Remove support code for export cipher suites. 2014-07-24 21:14:08 +00:00
t1_lib.c Remove OPENSSL_NO_SHA512 2014-08-04 20:13:54 +00:00
t1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00
t1_srvr.c Inital import. 2014-06-20 13:17:32 -07:00