s_server: correctly handle 2^14 byte long records

Resolves: rhbz#2042011 Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago · 0a5c81da78
parent 922b5301ea
commit 0a5c81da78
2 changed files with 59 additions and 1 deletions
--- a/0048-correctly-handle-records.patch
+++ b/0048-correctly-handle-records.patch
@ -0,0 +1,52 @@
+diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c
+--- openssl-3.0.1/apps/s_server.c.handle-records	2022-02-03 15:26:16.803434943 +0100
+++ openssl-3.0.1/apps/s_server.c	2022-02-03 15:34:33.358298697 +0100
+@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in
+     /* Set width for a select call if needed */
+     width = s + 1;
+ 
+-    buf = app_malloc(bufsize, "server www buffer");
+    /* as we use BIO_gets(), and it always null terminates data, we need
+     * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+    buf = app_malloc(bufsize + 1, "server www buffer");
+     io = BIO_new(BIO_f_buffer());
+     ssl_bio = BIO_new(BIO_f_ssl());
+     if ((io == NULL) || (ssl_bio == NULL))
+@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in
+     }
+ 
+     for (;;) {
+-        i = BIO_gets(io, buf, bufsize - 1);
+        i = BIO_gets(io, buf, bufsize + 1);
+         if (i < 0) {            /* error */
+             if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
+                 if (!s_quiet)
+@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in
+                  * we're expecting to come from the client. If they haven't
+                  * sent one there's not much we can do.
+                  */
+-                BIO_gets(io, buf, bufsize - 1);
+                BIO_gets(io, buf, bufsize + 1);
+             }
+ 
+             BIO_puts(io,
+@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in
+     SSL *con;
+     BIO *io, *ssl_bio, *sbio;
+ 
+-    buf = app_malloc(bufsize, "server rev buffer");
+    /* as we use BIO_gets(), and it always null terminates data, we need
+     * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+    buf = app_malloc(bufsize + 1, "server rev buffer");
+     io = BIO_new(BIO_f_buffer());
+     ssl_bio = BIO_new(BIO_f_ssl());
+     if ((io == NULL) || (ssl_bio == NULL))
+@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in
+     print_ssl_summary(con);
+ 
+     for (;;) {
+-        i = BIO_gets(io, buf, bufsize - 1);
+        i = BIO_gets(io, buf, bufsize + 1);
+         if (i < 0) {            /* error */
+             if (!BIO_should_retry(io)) {
+                 if (!s_quiet)
--- a/openssl.spec
+++ b/openssl.spec
@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -71,6 +71,8 @@ Patch45: 0045-FIPS-services-minimize.patch
 Patch46: 0046-FIPS-s390x-hardening.patch
 # Execute KATS before HMAC verification
 Patch47: 0047-FIPS-early-KATS.patch
+# Backport of correctly handle 2^14 byte long records #17538
+Patch48: 0048-correctly-handle-records.patch

 License: ASL 2.0
 URL: http://www.openssl.org/
@ -399,6 +401,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs

 %changelog
+* Thu Feb 03 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-7
+- s_server: correctly handle 2^14 byte long records
+- Resolves: rhbz#2042011
+
 * Tue Feb 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-6
 - Adjust FIPS provider version
 - Related: rhbz#2026445