jj1bdx/patch-and-rebuild.md

## patch-and-rebuild.md

      
    Raw
  

              patch-and-rebuild.md
            
          
    From FreeBSD-announce mailing list

(See http://lists.freebsd.org/pipermail/freebsd-announce/2014-April/001541.html)
FreeBSD port security/openssl have been patched on 2014-04-07 21:46:40
UTC (head, r350548) and 2014-04-07 21:48:07 UTC (branches/2014Q2, r350549).
FreeBSD base system have been patched on 2014-04-08 18:27:32 UTC (head,
r264265), 2014-04-08 18:27:39 UTC (stable/10, r264266), 2014-04-08
18:27:46 UTC (releng/10.0, r264267).  The update is available with
freebsd-update.  All other supported FreeBSD branches are not affected
by this issue.
Users who use TLS client and/or server are strongly advised to apply
updates immediately.
Because of the nature of this issue, it's also recommended for system
administrators to consider revoking all of server certificate, client
certificate and keys that is used with these systems and invalidate
active authentication credentials with a forced passphrase change.
NOTE: the following contents are listed only for reference purpose only. Apply FreeBSD update and the Port update NOW on your OpenSSL code.

What this patch kit is

(Patch source: http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007405.html (Thanks Xin Li))
This patch is applicable to 10.0-STABLE base r264247 (and will be applicable to other 10.0 userland source sets.)
To make this patch effective, rebuilding needed from the source, and/or rebooting the system. Minimal procedure:
cd /usr/src
umask 0022
patch < downloaded/xinli-heartbleed-patch.txt
# export CCACHE_DISABLE=yes NOCCACHE=yes
make buildworld

See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html for the further details.
Note: update the Port OpenSSL as well! portsnap fetch && portsnap update && portmaster security/openssl

  
## xinli-heartbleed-patch.txt
See http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007405.html
Index: crypto/openssl/ssl/d1_both.c
===================================================================
--- crypto/openssl/ssl/d1_both.c	(revision 264059)
+++ crypto/openssl/ssl/d1_both.c	(working copy)
@@ -1458,26 +1458,36 @@ dtls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */

+	if (s->msg_callback)
+		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+			&s->s3->rrec.data[0], s->s3->rrec.length,
+			s, s->msg_callback_arg);
+
 	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
 	hbtype = *p++;
 	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
 	pl = p;

-	if (s->msg_callback)
-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-			&s->s3->rrec.data[0], s->s3->rrec.length,
-			s, s->msg_callback_arg);
-
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;
+		unsigned int write_length = 1 /* heartbeat type */ +
+					    2 /* heartbeat length */ +
+					    payload + padding;
 		int r;

+		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+			return 0;
+
 		/* Allocate memory for the response, size is 1 byte
 		 * message type, plus 2 bytes payload length, plus
 		 * payload, plus padding
 		 */
-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+		buffer = OPENSSL_malloc(write_length);
 		bp = buffer;

 		/* Enter response type, length and copy payload */
@@ -1488,11 +1498,11 @@ dtls1_process_heartbeat(SSL *s)
 		/* Random padding */
 		RAND_pseudo_bytes(bp, padding);

-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);

 		if (r >= 0 && s->msg_callback)
 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-				buffer, 3 + payload + padding,
+				buffer, write_length,
 				s, s->msg_callback_arg);

 		OPENSSL_free(buffer);
Index: crypto/openssl/ssl/t1_lib.c
===================================================================
--- crypto/openssl/ssl/t1_lib.c	(revision 264059)
+++ crypto/openssl/ssl/t1_lib.c	(working copy)
@@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */

+	if (s->msg_callback)
+		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+			&s->s3->rrec.data[0], s->s3->rrec.length,
+			s, s->msg_callback_arg);
+
 	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
 	hbtype = *p++;
 	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
 	pl = p;

-	if (s->msg_callback)
-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-			&s->s3->rrec.data[0], s->s3->rrec.length,
-			s, s->msg_callback_arg);
-
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;
	See http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007405.html
	Index: crypto/openssl/ssl/d1_both.c
	===================================================================
	--- crypto/openssl/ssl/d1_both.c (revision 264059)
	+++ crypto/openssl/ssl/d1_both.c (working copy)
	@@ -1458,26 +1458,36 @@ dtls1_process_heartbeat(SSL *s)
	unsigned int payload;
	unsigned int padding = 16; /* Use minimum padding */

	+ if (s->msg_callback)
	+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
	+ &s->s3->rrec.data[0], s->s3->rrec.length,
	+ s, s->msg_callback_arg);
	+
	/* Read type and payload length first */
	+ if (1 + 2 + 16 > s->s3->rrec.length)
	+ return 0; /* silently discard */
	hbtype = *p++;
	n2s(p, payload);
	+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
	+ return 0; /* silently discard per RFC 6520 sec. 4 */
	pl = p;

	- if (s->msg_callback)
	- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
	- &s->s3->rrec.data[0], s->s3->rrec.length,
	- s, s->msg_callback_arg);
	-
	if (hbtype == TLS1_HB_REQUEST)
	{
	unsigned char buffer, bp;
	+ unsigned int write_length = 1 /* heartbeat type */ +
	+ 2 /* heartbeat length */ +
	+ payload + padding;
	int r;

	+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
	+ return 0;
	+
	/* Allocate memory for the response, size is 1 byte
	* message type, plus 2 bytes payload length, plus
	* payload, plus padding
	*/
	- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
	+ buffer = OPENSSL_malloc(write_length);
	bp = buffer;

	/* Enter response type, length and copy payload */
	@@ -1488,11 +1498,11 @@ dtls1_process_heartbeat(SSL *s)
	/* Random padding */
	RAND_pseudo_bytes(bp, padding);

	- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
	+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);

	if (r >= 0 && s->msg_callback)
	s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
	- buffer, 3 + payload + padding,
	+ buffer, write_length,
	s, s->msg_callback_arg);

	OPENSSL_free(buffer);
	Index: crypto/openssl/ssl/t1_lib.c
	===================================================================
	--- crypto/openssl/ssl/t1_lib.c (revision 264059)
	+++ crypto/openssl/ssl/t1_lib.c (working copy)
	@@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s)
	unsigned int payload;
	unsigned int padding = 16; /* Use minimum padding */

	+ if (s->msg_callback)
	+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
	+ &s->s3->rrec.data[0], s->s3->rrec.length,
	+ s, s->msg_callback_arg);
	+
	/* Read type and payload length first */
	+ if (1 + 2 + 16 > s->s3->rrec.length)
	+ return 0; /* silently discard */
	hbtype = *p++;
	n2s(p, payload);
	+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
	+ return 0; /* silently discard per RFC 6520 sec. 4 */
	pl = p;

	- if (s->msg_callback)
	- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
	- &s->s3->rrec.data[0], s->s3->rrec.length,
	- s, s->msg_callback_arg);
	-
	if (hbtype == TLS1_HB_REQUEST)
	{
	unsigned char buffer, bp;