mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-05 14:10:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
02b1636fe3
openssl/ssl
History
Peter Kaestle 02b1636fe3 ssl sigalg extension: fix NULL pointer dereference 
As the variable peer_sigalgslen is not cleared on ssl rehandshake, it's
possible to crash an openssl tls secured server remotely by sending a
manipulated hello message in a rehandshake.

On such a manipulated rehandshake, tls1_set_shared_sigalgs() calls
tls12_shared_sigalgs() with the peer_sigalgslen of the previous
handshake, while the peer_sigalgs has been freed.
As a result tls12_shared_sigalgs() walks over the available
peer_sigalgs and tries to access data of a NULL pointer.

This issue was introduced by c589c34e61 (Add support for the TLS 1.3
signature_algorithms_cert extension, 2018-01-11).

Signed-off-by: Peter Kästle <peter.kaestle@nokia.com>
Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>

CVE-2021-3449

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2021-03-25 09:48:08 +00:00
..
record Update copyright year 2021-02-18 15:05:17 +00:00
statem ssl sigalg extension: fix NULL pointer dereference 2021-03-25 09:48:08 +00:00
bio_ssl.c
build.info
d1_lib.c Update copyright year 2021-01-28 13:54:57 +01:00
d1_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
d1_srtp.c
ktls.c Update copyright year 2021-01-28 13:54:57 +01:00
methods.c
pqueue.c Update copyright year 2020-11-26 14:18:57 +00:00
s3_cbc.c
s3_enc.c Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg 2021-02-05 15:22:43 +00:00
s3_lib.c ssl: support params arguments to init functions 2021-03-12 08:27:11 +10:00
s3_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_asn1.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_cert_table.h
ssl_cert.c Fix NULL access in ssl_build_cert_chain() when ctx is NULL. 2021-03-03 16:16:19 +10:00
ssl_ciph.c ssl: fix coverity 1451495: resource leak 2021-03-20 10:07:59 +10:00
ssl_conf.c Update copyright year 2021-02-18 15:05:17 +00:00
ssl_err_legacy.c
ssl_err.c Remove OPENSSL_NO_EC guards from libssl 2021-02-05 15:22:43 +00:00
ssl_init.c
ssl_lib.c Always check CRYPTO_LOCK_{read,write}_lock 2021-03-14 15:33:34 +10:00
ssl_local.h Deprecate the libssl level SRP APIs 2021-02-12 08:47:32 +00:00
ssl_mcnf.c
ssl_rsa_legacy.c
ssl_rsa.c ssl: coverity 1465527 - dereference after null check 2021-03-20 10:18:32 +10:00
ssl_sess.c Always check CRYPTO_LOCK_{read,write}_lock 2021-03-14 15:33:34 +10:00
ssl_stat.c
ssl_txt.c
ssl_utst.c
sslerr.h Make supported_groups code independent of EC and DH 2021-02-05 15:20:37 +00:00
t1_enc.c ssl: fix format specifier for size_t argument to BIO_printf 2021-03-13 16:08:33 +10:00
t1_lib.c Increase the upper limit on group name length 2021-03-11 20:11:04 +01:00
t1_trce.c Update copyright year 2021-02-18 15:05:17 +00:00
tls13_enc.c tls: adjust for extra argument to KDF derive call 2021-02-28 17:25:49 +10:00
tls_depr.c Remove OPENSSL_NO_DH guards from libssl 2021-02-05 15:20:36 +00:00
tls_srp.c Update copyright year 2021-02-18 15:05:17 +00:00