From 0a5c81da78ddb8b062ac404c7c896d20a15fc9de Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Thu, 3 Feb 2022 15:36:38 +0100 Subject: [PATCH] s_server: correctly handle 2^14 byte long records Resolves: rhbz#2042011 Signed-off-by: Sahana Prasad --- 0048-correctly-handle-records.patch | 52 +++++++++++++++++++++++++++++ openssl.spec | 8 ++++- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 0048-correctly-handle-records.patch diff --git a/0048-correctly-handle-records.patch b/0048-correctly-handle-records.patch new file mode 100644 index 0000000..ecbc09c --- /dev/null +++ b/0048-correctly-handle-records.patch @@ -0,0 +1,52 @@ +diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c +--- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100 ++++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100 +@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in + /* Set width for a select call if needed */ + width = s + 1; + +- buf = app_malloc(bufsize, "server www buffer"); ++ /* as we use BIO_gets(), and it always null terminates data, we need ++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ ++ buf = app_malloc(bufsize + 1, "server www buffer"); + io = BIO_new(BIO_f_buffer()); + ssl_bio = BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) +@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in + } + + for (;;) { +- i = BIO_gets(io, buf, bufsize - 1); ++ i = BIO_gets(io, buf, bufsize + 1); + if (i < 0) { /* error */ + if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { + if (!s_quiet) +@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in + * we're expecting to come from the client. If they haven't + * sent one there's not much we can do. + */ +- BIO_gets(io, buf, bufsize - 1); ++ BIO_gets(io, buf, bufsize + 1); + } + + BIO_puts(io, +@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in + SSL *con; + BIO *io, *ssl_bio, *sbio; + +- buf = app_malloc(bufsize, "server rev buffer"); ++ /* as we use BIO_gets(), and it always null terminates data, we need ++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ ++ buf = app_malloc(bufsize + 1, "server rev buffer"); + io = BIO_new(BIO_f_buffer()); + ssl_bio = BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) +@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in + print_ssl_summary(con); + + for (;;) { +- i = BIO_gets(io, buf, bufsize - 1); ++ i = BIO_gets(io, buf, bufsize + 1); + if (i < 0) { /* error */ + if (!BIO_should_retry(io)) { + if (!s_quiet) diff --git a/openssl.spec b/openssl.spec index 8c141e5..70d1271 100644 --- a/openssl.spec +++ b/openssl.spec @@ -15,7 +15,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.1 -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -71,6 +71,8 @@ Patch45: 0045-FIPS-services-minimize.patch Patch46: 0046-FIPS-s390x-hardening.patch # Execute KATS before HMAC verification Patch47: 0047-FIPS-early-KATS.patch +# Backport of correctly handle 2^14 byte long records #17538 +Patch48: 0048-correctly-handle-records.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -399,6 +401,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Thu Feb 03 2022 Sahana Prasad - 1:3.0.1-7 +- s_server: correctly handle 2^14 byte long records +- Resolves: rhbz#2042011 + * Tue Feb 01 2022 Dmitry Belyavskiy - 1:3.0.1-6 - Adjust FIPS provider version - Related: rhbz#2026445