FreeBSD Bugzilla – Attachment 188825 Details for
Bug 224339
lang/erlang-runtime17: vulnerable to CVE-2017-1000385 [PATCH]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
backport CVE-2017-1000385 from erlang-runtime18
0001-backport-CVE-2017-1000385-from-erlang-runtime18.patch (text/plain), 4.77 KB, created by
Stefan Grundmann
on 2017-12-14 13:54:54 UTC
(
hide
)
Description:
backport CVE-2017-1000385 from erlang-runtime18
Filename:
MIME Type:
Creator:
Stefan Grundmann
Created:
2017-12-14 13:54:54 UTC
Size:
4.77 KB
patch
obsolete
>From 13d6cd40472a342ac102e3e4f1782d18c998f8bd Mon Sep 17 00:00:00 2001 >From: Stefan Grundmann <sg2342@googlemail.com> >Date: Thu, 14 Dec 2017 13:36:19 +0000 >Subject: [PATCH] backport CVE-2017-1000385 from erlang-runtime18 > >--- > lang/erlang-runtime17/Makefile | 2 +- > .../files/patch-lib_ssl_src_ssl__connection.erl | 30 ++++++++++++++++++++++ > .../files/patch-lib_ssl_src_ssl__connection.hrl | 12 +++++++++ > .../files/patch-lib_ssl_src_tls__connection.erl | 10 ++++++++ > 4 files changed, 53 insertions(+), 1 deletion(-) > create mode 100644 lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl > create mode 100644 lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl > create mode 100644 lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl > >diff --git a/lang/erlang-runtime17/Makefile b/lang/erlang-runtime17/Makefile >index f066634c619e..aac3519c8464 100644 >--- a/lang/erlang-runtime17/Makefile >+++ b/lang/erlang-runtime17/Makefile >@@ -3,7 +3,7 @@ > > PORTNAME= erlang > PORTVERSION= 17.5.6.9 >-PORTREVISION= 6 >+PORTREVISION= 7 > CATEGORIES= lang parallel java > MASTER_SITES= http://www.erlang.org/download/:erlangorg \ > http://erlang.stacken.kth.se/download/:erlangorg \ >diff --git a/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl b/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl >new file mode 100644 >index 000000000000..8a8d93487cf5 >--- /dev/null >+++ b/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl >@@ -0,0 +1,30 @@ >+--- lib/ssl/src/ssl_connection.erl.orig 2015-03-31 12:32:52.000000000 +0000 >++++ lib/ssl/src/ssl_connection.erl 2017-12-14 13:13:46.570861000 +0000 >+@@ -1135,8 +1135,25 @@ >+ request_client_cert(State2, Connection). >+ >+ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS}, >+- #state{private_key = Key} = State, Connection) -> >+- PremasterSecret = ssl_handshake:premaster_secret(EncPMS, Key), >++ #state{private_key = Key, client_hello_version = {Major, Minor} = Version } = State, Connection) -> >++ >++ %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret >++ %% and fail handshake later.RFC 5246 section 7.4.7.1. >++ PremasterSecret = >++ try ssl_handshake:premaster_secret(EncPMS, Key) of >++ Secret when erlang:byte_size(Secret) == ?NUM_OF_PREMASTERSECRET_BYTES -> >++ case Secret of >++ <<?BYTE(Major), ?BYTE(Minor), _/binary>> -> %% Correct >++ Secret; >++ <<?BYTE(_), ?BYTE(_), Rest/binary>> -> %% Version mismatch >++ <<?BYTE(Major), ?BYTE(Minor), Rest/binary>> >++ end; >++ _ -> %% erlang:byte_size(Secret) =/= ?NUM_OF_PREMASTERSECRET_BYTES >++ make_premaster_secret(Version, rsa) >++ catch >++ #alert{description = ?DECRYPT_ERROR} -> >++ make_premaster_secret(Version, rsa) >++ end, >+ calculate_master_secret(PremasterSecret, State, Connection, certify, cipher); >+ >+ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey}, >diff --git a/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl b/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl >new file mode 100644 >index 000000000000..cb4b91907b7c >--- /dev/null >+++ b/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl >@@ -0,0 +1,12 @@ >+--- lib/ssl/src/ssl_connection.hrl.orig 2015-03-31 12:32:52.000000000 +0000 >++++ lib/ssl/src/ssl_connection.hrl 2017-12-14 13:18:02.736638000 +0000 >+@@ -53,7 +53,8 @@ >+ session :: #session{} | secret_printout(), >+ session_cache :: db_handle(), >+ session_cache_cb :: atom(), >+- negotiated_version :: ssl_record:ssl_version(), >++ negotiated_version :: ssl_record:ssl_version() | 'undefined', >++ client_hello_version :: ssl_record:ssl_version() | 'undefined', >+ client_certificate_requested = false :: boolean(), >+ key_algorithm :: ssl_cipher:key_algo(), >+ hashsign_algorithm = {undefined, undefined}, >diff --git a/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl b/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl >new file mode 100644 >index 000000000000..fd4eac923732 >--- /dev/null >+++ b/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl >@@ -0,0 +1,10 @@ >+--- lib/ssl/src/tls_connection.erl.orig 2015-03-31 12:32:52.000000000 +0000 >++++ lib/ssl/src/tls_connection.erl 2017-12-14 13:22:41.792681000 +0000 >+@@ -197,6 +197,7 @@ >+ ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign}, >+ State#state{connection_states = ConnectionStates, >+ negotiated_version = Version, >++ client_hello_version = ClientVersion, >+ session = Session, >+ client_ecc = {EllipticCurves, EcPointFormats}}, ?MODULE); >+ #alert{} = Alert -> >-- >2.15.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=188825">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 224339
: 188825