SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(Patches for Earlier Versions are Available) Re: OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1004880
SecurityTracker URL:  http://securitytracker.com/id/1004880
CVE Reference:   CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659   (Links to External Site)
Date:  Jul 30 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.6d or earlier, 0.9.7-beta2 or earlier, 0.9.7 current development snapshots
Description:   Four buffer overflow conditions were reported in OpenSSL. All four may allow a remote user to execute arbitrary code.

The vendor has reported that A.L. Digital Ltd and The Bunker have uncovered multiple buffer overflows in OpenSSL, discovered during a security review.

A remote user could create a specially crafted, oversized client master key and use SSL2 to trigger an overflow on an SSL server. According to the report, this vulnerability was independently discovered by Neohapsis, which has confirmed that the overflow can be exploited to execute arbitrary code.

A remote user with an SSL server could create a specially crafted, oversized session ID and supply this ID to a target client using SSL3 to trigger an overflow.

A remote user could supply a specially crafted, oversized master key to an SSL3 server to trigger an overflow. It is reported that this flaw affects OpenSSL 0.9.7 prior to version 0.9.7-beta3 when Kerberos is enabled.

Several buffers used for ASCII representations of integers are reportedly too small on 64 bit platforms.

The report also states that other potential buffer overflows that are currently considered to be non-exploitable have been discovered.

The vendor notes that Adi Stav and James Yonan independently reported that the ASN1 parser can be confused by certain invalid encodings, potentially allowing a remote user to cause denial of service conditions. An OpenSSL-based application that use the ASN1 library to parse untrusted data (including all SSL or TLS applications using S/MIME [PKCS#7] or certificate generation routines) are affected.

Impact:   A remote user acting as an SSL client could execute arbitrary code on an SSL server. A remote user acting as an SSL server could cause arbitrary code to be executed on an SSL client that is connecting to the server. In each case, the code would run with privileges of the affected implementation.

A remote user may be able cause denial of service conditions.

Solution:   Some additional [unofficial] patches have been provided. The patch for 0.9.7 is supplied by Ben Laurie <ben@algroup.co.uk> and the remainder by Vincent Danen. The patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev, and are available in the Source Message.

The author of the report notes that hese patches are known to apply correctly but have not been thoroughly tested.

Vendor URL:  www.openssl.org/news/secadv_20020730.txt (Links to External Site)
Cause:   Boundary error, Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 30 2002 OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges



 Source Message Contents

Subject:  OpenSSL patches for other versions


--------------040702070909050702020402
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
<ben@algroup.co.uk> and the remainder by Vincent Danen (email not
supplied).

Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.

These patches are known to apply correctly but have not been
thoroughly tested.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

--------------040702070909050702020402
Content-Type: text/plain;
 name="openssl-0.9.5a-security.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="openssl-0.9.5a-security.patch"

--- crypto/cryptlib.c.orig	Fri Nov 23 13:57:59 2001
+++ crypto/cryptlib.c	Fri Jul 26 10:43:56 2002
@@ -491,3 +491,11 @@
 #endif
 
 #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+    {
+    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+	    file,line,assertion);
+    abort();
+    }
+
--- crypto/cryptlib.h.orig	Tue May  2 06:35:04 2000
+++ crypto/cryptlib.h	Fri Jul 26 10:43:56 2002
@@ -89,6 +89,14 @@
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
+/* size of string represenations */
+#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)         ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
 #ifdef  __cplusplus
 }
 #endif
--- crypto/asn1/asn1_lib.c.orig	Fri Mar 30 06:42:32 2001
+++ crypto/asn1/asn1_lib.c	Fri Jul 26 10:43:56 2002
@@ -407,7 +407,7 @@
 
 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- crypto/conf/conf.c.orig	Sun Jan 30 15:19:51 2000
+++ crypto/conf/conf.c	Fri Jul 26 13:17:49 2002
@@ -64,7 +64,7 @@
 #include <openssl/conf.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-
+#include "cryptlib.h"
 #include "conf_lcl.h"
 
 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
@@ -123,12 +123,12 @@
 	{
 	LHASH *ret=NULL;
 #define BUFSIZE	512
-	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
 	int again,n;
 	long eline=0;
+	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*vv,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
--- crypto/objects/obj_dat.c.orig	Mon Sep  4 09:34:35 2000
+++ crypto/objects/obj_dat.c	Fri Jul 26 10:43:56 2002
@@ -428,7 +428,7 @@
 	unsigned long l;
 	unsigned char *p;
 	const char *s;
-	char tbuf[32];
+	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
 	if (buf_len <= 0) return(0);
 
--- ssl/s2_clnt.c.orig	Sat Nov 10 03:43:51 2001
+++ ssl/s2_clnt.c	Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -517,6 +518,7 @@
 		}
 		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
@@ -618,6 +620,7 @@
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
+		die(i <= SSL_MAX_KEY_ARG_LENGTH);
 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
@@ -625,6 +628,7 @@
 		sess->master_key_length=i;
 		if (i > 0)
 			{
+			die(i <= sizeof sess->master_key);
 			if (RAND_bytes(sess->master_key,i) <= 0)
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -668,6 +672,7 @@
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
+		die(karg <= sizeof sess->key_arg);
 		memcpy(d,sess->key_arg,(unsigned int)karg);
 		d+=karg;
 
@@ -688,6 +693,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
+		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -944,6 +950,8 @@
 		{
 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
+			die(s->session->session_id_length
+			    <= sizeof s->session->session_id);
 			if (memcmp(buf,s->session->session_id,
 				(unsigned int)s->session->session_id_length) != 0)
 				{
--- ssl/s2_lib.c.orig	Tue Dec 26 05:06:47 2000
+++ ssl/s2_lib.c	Fri Jul 26 10:52:20 2002
@@ -62,6 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
 #endif
 
 	km=s->s2->key_material;
+	die(s->s2->key_material_length <= sizeof s->s2->key_material);
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
 		MD5_Init(&ctx);
-
+		
+		die(s->session->master_key_length >= 0
+		    && s->session->master_key_length
+		    < sizeof s->session->master_key);
 		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
 		MD5_Update(&ctx,&c,1);
 		c++;
@@ -463,6 +468,7 @@
 /*	state=s->rwstate;*/
 	error=s->error;
 	s->error=0;
+	die(error >= 0 && error <= 3);
 	i=ssl2_write(s,&(buf[3-error]),error);
 /*	if (i == error) s->rwstate=state; */
 
--- ssl/s2_srvr.c.orig	Mon Jul  9 08:11:04 2001
+++ ssl/s2_srvr.c	Fri Jul 26 12:11:39 2002
@@ -63,6 +63,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
 		n2s(p,i); s->session->key_arg_length=i;
+		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+		        {
+		        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+		                   SSL_R_KEY_ARG_TOO_LONG);
+		        return -1;
+		        }
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		s->init_num=0;
 		}
 
 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
 	p=(unsigned char *)s->init_buf->data;
+	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
 	keya=s->session->key_arg_length;
 	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
 	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -440,6 +448,7 @@
 #endif
 
 	if (is_export) i+=s->s2->tmp.clear;
+	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
@@ -580,6 +589,7 @@
 	p+=s->s2->tmp.session_id_length;
 
 	/* challenge */
+	die(s->s2->challenge_length <= sizeof s->s2->challenge);
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
 	return(1);
 mem_err:
@@ -730,6 +740,7 @@
 		}
 
 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
 	if (i < (int)s->s2->conn_id_length-s->init_num)
 		{
@@ -752,6 +763,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_VERIFY;
+		die(s->s2->challenge_length <= sizeof s->s2->challenge);
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
 		/* p+=s->s2->challenge_length; */
 
@@ -771,6 +783,8 @@
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_FINISHED;
 
+		die(s->session->session_id_length
+		    <= sizeof s->session->session_id);
 		memcpy(p,s->session->session_id,
 			(unsigned int)s->session->session_id_length);
 		/* p+=s->session->session_id_length; */
--- ssl/s3_clnt.c.orig	Thu Oct 25 02:18:54 2001
+++ ssl/s3_clnt.c	Fri Jul 26 10:56:23 2002
@@ -64,6 +64,7 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
 		*(p++)=i;
 		if (i != 0)
 			{
+			die(i <= sizeof s->session->session_id);
 			memcpy(p,s->session->session_id,i);
 			p+=i;
 			}
@@ -572,6 +574,14 @@
 
 	/* get the session-id */
 	j= *(p++);
+
+       if(j > sizeof s->session->session_id)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
+               goto f_err;
+               }
 
 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
 		{
--- ssl/ssl.h.orig	Mon Dec 17 12:24:39 2001
+++ ssl/ssl.h	Fri Jul 26 11:36:19 2002
@@ -1423,6 +1423,7 @@
 #define SSL_R_INVALID_COMMAND				 280
 #define SSL_R_INVALID_PURPOSE				 278
 #define SSL_R_INVALID_TRUST				 279
+#define SSL_R_KEY_ARG_TOO_LONG				 1112
 #define SSL_R_LENGTH_MISMATCH				 159
 #define SSL_R_LENGTH_TOO_SHORT				 160
 #define SSL_R_LIBRARY_BUG				 274
@@ -1491,6 +1492,7 @@
 #define SSL_R_SHORT_READ				 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
--- ssl/ssl_asn1.c.orig	Thu Jun  1 16:19:19 2000
+++ ssl/ssl_asn1.c	Fri Jul 26 11:37:53 2002
@@ -62,6 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -275,6 +276,7 @@
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
--- ssl/ssl_err.c.orig	Fri Nov  9 18:15:29 2001
+++ ssl/ssl_err.c	Fri Jul 26 11:39:21 2002
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
 {SSL_R_INVALID_COMMAND                   ,"invalid command"},
 {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
 {SSL_R_INVALID_TRUST                     ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
 {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
 {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
 {SSL_R_LIBRARY_BUG                       ,"library bug"},
@@ -343,6 +344,7 @@
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
--- ssl/ssl_sess.c.orig	Wed Nov 29 11:12:32 2000
+++ ssl/ssl_sess.c	Fri Jul 26 10:43:56 2002
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
 		ss->session_id_length=0;
 		}
 
+	die(s->sid_ctx_length <= sizeof ss->sid_ctx);
 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
 	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;
--- ssl/s3_srvr.c.orig	Thu Oct 25 02:18:56 2001
+++ ssl/s3_srvr.c	Fri Jul 26 11:27:08 2002
@@ -122,6 +122,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -942,6 +943,7 @@
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
+		die(sl <= sizeof s->session->session_id);
 		*(p++)=sl;
 		memcpy(p,s->session->session_id,sl);
 		p+=sl;

--------------040702070909050702020402
Content-Type: text/plain;
 name="openssl-0.9.6b-security.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="openssl-0.9.6b-security.patch"

--- crypto/cryptlib.c.orig	Fri Nov 23 13:57:59 2001
+++ crypto/cryptlib.c	Fri Jul 26 10:43:56 2002
@@ -491,3 +491,11 @@
 #endif
 
 #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+    {
+    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+	    file,line,assertion);
+    abort();
+    }
+
--- crypto/cryptlib.h.orig	Tue May  2 06:35:04 2000
+++ crypto/cryptlib.h	Fri Jul 26 10:43:56 2002
@@ -89,6 +89,14 @@
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
+/* size of string represenations */
+#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)         ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
 #ifdef  __cplusplus
 }
 #endif
--- crypto/asn1/asn1_lib.c.orig	Fri Mar 30 06:42:32 2001
+++ crypto/asn1/asn1_lib.c	Fri Jul 26 10:43:56 2002
@@ -407,7 +407,7 @@
 
 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- crypto/conf/conf_def.c.orig	Tue Jun  6 09:21:12 2000
+++ crypto/conf/conf_def.c	Fri Jul 26 10:43:56 2002
@@ -67,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "cryptlib.h"
 
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@
 static int def_load(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
-	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
 	int again,n;
 	long eline=0;
+	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
--- crypto/objects/obj_dat.c.orig	Mon Sep  4 09:34:35 2000
+++ crypto/objects/obj_dat.c	Fri Jul 26 10:43:56 2002
@@ -428,7 +428,7 @@
 	unsigned long l;
 	unsigned char *p;
 	const char *s;
-	char tbuf[32];
+	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
 	if (buf_len <= 0) return(0);
 
--- ssl/s2_clnt.c.orig	Sat Nov 10 03:43:51 2001
+++ ssl/s2_clnt.c	Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -517,6 +518,7 @@
 		}
 		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
@@ -618,6 +620,7 @@
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
+		die(i <= SSL_MAX_KEY_ARG_LENGTH);
 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
@@ -625,6 +628,7 @@
 		sess->master_key_length=i;
 		if (i > 0)
 			{
+			die(i <= sizeof sess->master_key);
 			if (RAND_bytes(sess->master_key,i) <= 0)
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -668,6 +672,7 @@
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
+		die(karg <= sizeof sess->key_arg);
 		memcpy(d,sess->key_arg,(unsigned int)karg);
 		d+=karg;
 
@@ -688,6 +693,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
+		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -944,6 +950,8 @@
 		{
 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
+			die(s->session->session_id_length
+			    <= sizeof s->session->session_id);
 			if (memcmp(buf,s->session->session_id,
 				(unsigned int)s->session->session_id_length) != 0)
 				{
--- ssl/s2_lib.c.orig	Tue Dec 26 05:06:47 2000
+++ ssl/s2_lib.c	Fri Jul 26 10:52:20 2002
@@ -62,6 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
 #endif
 
 	km=s->s2->key_material;
+	die(s->s2->key_material_length <= sizeof s->s2->key_material);
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
 		MD5_Init(&ctx);
-
+		
+		die(s->session->master_key_length >= 0
+		    && s->session->master_key_length
+		    < sizeof s->session->master_key);
 		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
 		MD5_Update(&ctx,&c,1);
 		c++;
@@ -463,6 +468,7 @@
 /*	state=s->rwstate;*/
 	error=s->error;
 	s->error=0;
+	die(error >= 0 && error <= 3);
 	i=ssl2_write(s,&(buf[3-error]),error);
 /*	if (i == error) s->rwstate=state; */
 
--- ssl/s2_srvr.c.orig	Mon Jul  9 08:11:04 2001
+++ ssl/s2_srvr.c	Fri Jul 26 12:11:39 2002
@@ -63,6 +63,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
 		n2s(p,i); s->session->key_arg_length=i;
+		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+		        {
+		        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+		                   SSL_R_KEY_ARG_TOO_LONG);
+		        return -1;
+		        }
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		s->init_num=0;
 		}
 
 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
 	p=(unsigned char *)s->init_buf->data;
+	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
 	keya=s->session->key_arg_length;
 	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
 	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -440,6 +448,7 @@
 #endif
 
 	if (is_export) i+=s->s2->tmp.clear;
+	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
@@ -580,6 +589,7 @@
 	p+=s->s2->tmp.session_id_length;
 
 	/* challenge */
+	die(s->s2->challenge_length <= sizeof s->s2->challenge);
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
 	return(1);
 mem_err:
@@ -730,6 +740,7 @@
 		}
 
 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
 	if (i < (int)s->s2->conn_id_length-s->init_num)
 		{
@@ -752,6 +763,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_VERIFY;
+		die(s->s2->challenge_length <= sizeof s->s2->challenge);
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
 		/* p+=s->s2->challenge_length; */
 
@@ -771,6 +783,8 @@
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_FINISHED;
 
+		die(s->session->session_id_length
+		    <= sizeof s->session->session_id);
 		memcpy(p,s->session->session_id,
 			(unsigned int)s->session->session_id_length);
 		/* p+=s->session->session_id_length; */
--- ssl/s3_clnt.c.orig	Thu Oct 25 02:18:54 2001
+++ ssl/s3_clnt.c	Fri Jul 26 10:56:23 2002
@@ -64,6 +64,7 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
 		*(p++)=i;
 		if (i != 0)
 			{
+			die(i <= sizeof s->session->session_id);
 			memcpy(p,s->session->session_id,i);
 			p+=i;
 			}
@@ -572,6 +574,14 @@
 
 	/* get the session-id */
 	j= *(p++);
+
+       if(j > sizeof s->session->session_id)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
+               goto f_err;
+               }
 
 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
 		{
--- ssl/ssl.h.orig	Mon Dec 17 12:24:39 2001
+++ ssl/ssl.h	Fri Jul 26 11:36:19 2002
@@ -1423,6 +1423,7 @@
 #define SSL_R_INVALID_COMMAND				 280
 #define SSL_R_INVALID_PURPOSE				 278
 #define SSL_R_INVALID_TRUST				 279
+#define SSL_R_KEY_ARG_TOO_LONG				 1112
 #define SSL_R_LENGTH_MISMATCH				 159
 #define SSL_R_LENGTH_TOO_SHORT				 160
 #define SSL_R_LIBRARY_BUG				 274
@@ -1491,6 +1492,7 @@
 #define SSL_R_SHORT_READ				 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
--- ssl/ssl_asn1.c.orig	Thu Jun  1 16:19:19 2000
+++ ssl/ssl_asn1.c	Fri Jul 26 11:37:53 2002
@@ -62,6 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -275,6 +276,7 @@
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
--- ssl/ssl_err.c.orig	Fri Nov  9 18:15:29 2001
+++ ssl/ssl_err.c	Fri Jul 26 11:39:21 2002
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
 {SSL_R_INVALID_COMMAND                   ,"invalid command"},
 {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
 {SSL_R_INVALID_TRUST                     ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
 {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
 {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
 {SSL_R_LIBRARY_BUG                       ,"library bug"},
@@ -343,6 +344,7 @@
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
--- ssl/ssl_sess.c.orig	Wed Nov 29 11:12:32 2000
+++ ssl/ssl_sess.c	Fri Jul 26 10:43:56 2002
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
 		ss->session_id_length=0;
 		}
 
+	die(s->sid_ctx_length <= sizeof ss->sid_ctx);
 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
 	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;
--- ssl/s3_srvr.c.orig	Thu Oct 25 02:18:56 2001
+++ ssl/s3_srvr.c	Fri Jul 26 11:27:08 2002
@@ -122,6 +122,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -942,6 +943,7 @@
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
+		die(sl <= sizeof s->session->session_id);
 		*(p++)=sl;
 		memcpy(p,s->session->session_id,sl);
 		p+=sl;

--------------040702070909050702020402
Content-Type: text/plain;
 name="openssl-0.9.6c-security.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="openssl-0.9.6c-security.patch"

--- crypto/cryptlib.c.orig	Fri Nov 23 13:57:59 2001
+++ crypto/cryptlib.c	Fri Jul 26 10:43:56 2002
@@ -491,3 +491,11 @@
 #endif
 
 #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+    {
+    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+	    file,line,assertion);
+    abort();
+    }
+
--- crypto/cryptlib.h.orig	Tue May  2 06:35:04 2000
+++ crypto/cryptlib.h	Fri Jul 26 10:43:56 2002
@@ -89,6 +89,14 @@
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
+/* size of string represenations */
+#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)         ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
 #ifdef  __cplusplus
 }
 #endif
--- crypto/asn1/asn1_lib.c.orig	Fri Mar 30 06:42:32 2001
+++ crypto/asn1/asn1_lib.c	Fri Jul 26 10:43:56 2002
@@ -407,7 +407,7 @@
 
 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- crypto/conf/conf_def.c.orig	Tue Jun  6 09:21:12 2000
+++ crypto/conf/conf_def.c	Fri Jul 26 10:43:56 2002
@@ -67,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "cryptlib.h"
 
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@
 static int def_load(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
-	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
 	int again,n;
 	long eline=0;
+	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
--- crypto/objects/obj_dat.c.orig	Mon Sep  4 09:34:35 2000
+++ crypto/objects/obj_dat.c	Fri Jul 26 10:43:56 2002
@@ -428,7 +428,7 @@
 	unsigned long l;
 	unsigned char *p;
 	const char *s;
-	char tbuf[32];
+	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
 	if (buf_len <= 0) return(0);
 
--- ssl/s2_clnt.c.orig	Sat Nov 10 03:43:51 2001
+++ ssl/s2_clnt.c	Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -517,6 +518,7 @@
 		}
 		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
@@ -618,6 +620,7 @@
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
+		die(i <= SSL_MAX_KEY_ARG_LENGTH);
 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
@@ -625,6 +628,7 @@
 		sess->master_key_length=i;
 		if (i > 0)
 			{
+			die(i <= sizeof sess->master_key);
 			if (RAND_bytes(sess->master_key,i) <= 0)
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -668,6 +672,7 @@
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
+		die(karg <= sizeof sess->key_arg);
 		memcpy(d,sess->key_arg,(unsigned int)karg);
 		d+=karg;
 
@@ -688,6 +693,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
+		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -944,6 +950,8 @@
 		{
 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
+			die(s->session->session_id_length
+			    <= sizeof s->session->session_id);
 			if (memcmp(buf,s->session->session_id,
 				(unsigned int)s->session->session_id_length) != 0)
 				{
--- ssl/s2_lib.c.orig	Tue Dec 26 05:06:47 2000
+++ ssl/s2_lib.c	Fri Jul 26 10:52:20 2002
@@ -62,6 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@
 #endif
 
 	km=s->s2->key_material;
+	die(s->s2->key_material_length <= sizeof s->s2->key_material);
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
 		MD5_Init(&ctx);
-
+		
+		die(s->session->master_key_length >= 0
+		    && s->session->master_key_length
+		    < sizeof s->session->master_key);
 		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
 		MD5_Update(&ctx,&c,1);
 		c++;
@@ -463,6 +468,7 @@
 /*	state=s->rwstate;*/
 	error=s->error;
 	s->error=0;
+	die(error >= 0 && error <= 3);
 	i=ssl2_write(s,&(buf[3-error]),error);
 /*	if (i == error) s->rwstate=state; */
 
--- ssl/s2_srvr.c.orig	Wed Nov 14 14:19:47 2001
+++ ssl/s2_srvr.c	Fri Jul 26 10:43:56 2002
@@ -116,6 +116,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
 		n2s(p,i); s->session->key_arg_length=i;
+		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+			{
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+				   SSL_R_KEY_ARG_TOO_LONG);
+			return -1;
+			}
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		}
 
 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
 	p=(unsigned char *)s->init_buf->data;
+	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
 	keya=s->session->key_arg_length;
 	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -502,6 +510,7 @@
 #endif
 
 	if (is_export) i+=s->s2->tmp.clear;
+	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
@@ -649,6 +658,7 @@
 	p+=s->s2->tmp.session_id_length;
 
 	/* challenge */
+	die(s->s2->challenge_length <= sizeof s->s2->challenge);
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
 	return(1);
 mem_err:
@@ -800,6 +810,7 @@
 		}
 
 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	len = 1 + (unsigned long)s->s2->conn_id_length;
 	n = (int)len - s->init_num;
 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -825,6 +836,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_VERIFY;
+		die(s->s2->challenge_length <= sizeof s->s2->challenge);
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
 		/* p+=s->s2->challenge_length; */
 
@@ -844,6 +856,8 @@
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_FINISHED;
 
+		die(s->session->session_id_length
+		    <= sizeof s->session->session_id);
 		memcpy(p,s->session->session_id,
 			(unsigned int)s->session->session_id_length);
 		/* p+=s->session->session_id_length; */
--- ssl/s3_clnt.c.orig	Thu Oct 25 02:18:54 2001
+++ ssl/s3_clnt.c	Fri Jul 26 10:56:23 2002
@@ -64,6 +64,7 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@
 		*(p++)=i;
 		if (i != 0)
 			{
+			die(i <= sizeof s->session->session_id);
 			memcpy(p,s->session->session_id,i);
 			p+=i;
 			}
@@ -572,6 +574,14 @@
 
 	/* get the session-id */
 	j= *(p++);
+
+       if(j > sizeof s->session->session_id)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
+               goto f_err;
+               }
 
 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
 		{
--- ssl/ssl.h.orig	Mon Dec 17 12:24:39 2001
+++ ssl/ssl.h	Fri Jul 26 11:36:19 2002
@@ -1423,6 +1423,7 @@
 #define SSL_R_INVALID_COMMAND				 280
 #define SSL_R_INVALID_PURPOSE				 278
 #define SSL_R_INVALID_TRUST				 279
+#define SSL_R_KEY_ARG_TOO_LONG				 1112
 #define SSL_R_LENGTH_MISMATCH				 159
 #define SSL_R_LENGTH_TOO_SHORT				 160
 #define SSL_R_LIBRARY_BUG				 274
@@ -1491,6 +1492,7 @@
 #define SSL_R_SHORT_READ				 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
--- ssl/ssl_asn1.c.orig	Thu Jun  1 16:19:19 2000
+++ ssl/ssl_asn1.c	Fri Jul 26 11:37:53 2002
@@ -62,6 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -275,6 +276,7 @@
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
--- ssl/ssl_err.c.orig	Fri Nov  9 18:15:29 2001
+++ ssl/ssl_err.c	Fri Jul 26 11:39:21 2002
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
 {SSL_R_INVALID_COMMAND                   ,"invalid command"},
 {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
 {SSL_R_INVALID_TRUST                     ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
 {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
 {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
 {SSL_R_LIBRARY_BUG                       ,"library bug"},
@@ -343,6 +344,7 @@
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
--- ssl/ssl_sess.c.orig	Wed Nov 29 11:12:32 2000
+++ ssl/ssl_sess.c	Fri Jul 26 10:43:56 2002
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -199,6 +200,7 @@
 		ss->session_id_length=0;
 		}
 
+	die(s->sid_ctx_length <= sizeof ss->sid_ctx);
 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
 	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;
--- ssl/s3_srvr.c.orig	Thu Oct 25 02:18:56 2001
+++ ssl/s3_srvr.c	Fri Jul 26 11:27:08 2002
@@ -122,6 +122,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -942,6 +943,7 @@
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
+		die(sl <= sizeof s->session->session_id);
 		*(p++)=sl;
 		memcpy(p,s->session->session_id,sl);
 		p+=sl;

--------------040702070909050702020402
Content-Type: text/plain;
 name="openssl-0.9.7-sec.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="openssl-0.9.7-sec.patch"

Index: CHANGES
===================================================================
RCS file: /e/openssl/cvs/openssl/CHANGES,v
retrieving revision 1.977.2.42
diff -u -r1.977.2.42 CHANGES
--- CHANGES	2002/07/16 09:18:25	1.977.2.42
+++ CHANGES	2002/07/30 09:54:48
@@ -4,6 +4,38 @@
 
  Changes between 0.9.6e and 0.9.7  [XX xxx 2002]
 
+Changes marked "(CHATS)" were sponsored by the Defense Advanced
+Research Projects Agency (DARPA) and Air Force Research Laboratory,
+Air Force Materiel Command, USAF, under agreement number
+F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CAN-2002-0659)
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CAN-2002-0655)
+     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CAN-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
   *) Add appropriate support for separate platform-dependent build
      directories.  The recommended way to make a platform-dependent
      build directory is the following (tested on Linux), maybe with
@@ -1654,6 +1686,12 @@
      [Richard Levitte]
 
  Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
 
   *) Fix cipher selection routines: ciphers without encryption had no flags
      for the cipher strength set and where therefore not handled correctly
Index: crypto/cryptlib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v
retrieving revision 1.32
diff -u -r1.32 cryptlib.c
--- crypto/cryptlib.c	2001/11/24 04:02:42	1.32
+++ crypto/cryptlib.c	2002/07/30 09:54:50
@@ -492,3 +492,11 @@
 #endif
 
 #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+    {
+    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+	    file,line,assertion);
+    abort();
+    }
+
Index: crypto/cryptlib.h
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v
retrieving revision 1.10
diff -u -r1.10 cryptlib.h
--- crypto/cryptlib.h	2001/02/22 14:44:54	1.10
+++ crypto/cryptlib.h	2002/07/30 09:54:50
@@ -89,6 +89,14 @@
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
+/* size of string represenations */
+#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)         ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
 #ifdef  __cplusplus
 }
 #endif
Index: crypto/asn1/asn1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
retrieving revision 1.20.2.1
diff -u -r1.20.2.1 asn1_lib.c
--- crypto/asn1/asn1_lib.c	2002/06/13 17:38:46	1.20.2.1
+++ crypto/asn1/asn1_lib.c	2002/07/30 09:54:51
@@ -124,15 +124,13 @@
 		(int)(omax+ *pp));
 
 #endif
-#if 0
-	if ((p+ *plength) > (omax+ *pp))
+	if (*plength > (omax - (*pp - p)))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret|=0x80;
 		}
-#endif
 	*pp=p;
 	return(ret|inf);
 err:
@@ -159,6 +157,8 @@
 		i= *p&0x7f;
 		if (*(p++) & 0x80)
 			{
+			if (i > sizeof(long))
+				return 0;
 			if (max-- == 0) return(0);
 			while (i-- > 0)
 				{
@@ -170,6 +170,8 @@
 		else
 			ret=i;
 		}
+	if (ret < 0)
+		return 0;
 	*pp=p;
 	*rl=ret;
 	return(1);
@@ -407,7 +409,7 @@
 
 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
Index: crypto/conf/conf_def.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v
retrieving revision 1.12
diff -u -r1.12 conf_def.c
--- crypto/conf/conf_def.c	2002/01/24 16:15:17	1.12
+++ crypto/conf/conf_def.c	2002/07/30 09:54:51
@@ -67,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "cryptlib.h"
 
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@
 static int def_load_bio(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
-	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
 	int again,n;
 	long eline=0;
+	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
Index: crypto/conf/conf_mod.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_mod.c,v
retrieving revision 1.8.2.6
diff -u -r1.8.2.6 conf_mod.c
--- crypto/conf/conf_mod.c	2002/05/08 15:13:24	1.8.2.6
+++ crypto/conf/conf_mod.c	2002/07/30 09:54:52
@@ -230,7 +230,7 @@
 		{
 		if (!(flags & CONF_MFLAGS_SILENT))
 			{
-			char rcode[10];
+			char rcode[DECIMAL_SIZE(ret)+1];
 			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
 			sprintf(rcode, "%-8d", ret);
 			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
Index: crypto/engine/hw_cswift.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/engine/hw_cswift.c,v
retrieving revision 1.17.2.1
diff -u -r1.17.2.1 hw_cswift.c
--- crypto/engine/hw_cswift.c	2002/06/21 02:48:52	1.17.2.1
+++ crypto/engine/hw_cswift.c	2002/07/30 09:54:53
@@ -501,7 +501,7 @@
 		goto err;
 	default:
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -518,7 +518,7 @@
 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
 		&res, 1)) != SW_OK)
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -608,7 +608,7 @@
 		goto err;
 	default:
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -625,7 +625,7 @@
 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
 		&res, 1)) != SW_OK)
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -740,7 +740,7 @@
 		goto err;
 	default:
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -758,7 +758,7 @@
 		&res, 1);
 	if(sw_status != SW_OK)
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -852,7 +852,7 @@
 		goto err;
 	default:
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -874,7 +874,7 @@
 		&res, 1);
 	if(sw_status != SW_OK)
 		{
-		char tmpbuf[20];
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
Index: crypto/objects/obj_dat.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,v
retrieving revision 1.23.2.3
diff -u -r1.23.2.3 obj_dat.c
--- crypto/objects/obj_dat.c	2002/05/30 16:49:44	1.23.2.3
+++ crypto/objects/obj_dat.c	2002/07/30 09:54:53
@@ -436,7 +436,7 @@
 	unsigned long l;
 	unsigned char *p;
 	const char *s;
-	char tbuf[32];
+	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
 	if (buf_len <= 0) return(0);
 
Index: ssl/s2_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v
retrieving revision 1.37
diff -u -r1.37 s2_clnt.c
--- ssl/s2_clnt.c	2002/01/12 15:56:10	1.37
+++ ssl/s2_clnt.c	2002/07/30 09:55:01
@@ -116,6 +116,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -535,6 +536,7 @@
 		}
 		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
@@ -636,6 +638,7 @@
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
+		die(i <= SSL_MAX_KEY_ARG_LENGTH);
 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
@@ -643,6 +646,7 @@
 		sess->master_key_length=i;
 		if (i > 0)
 			{
+			die(i <= sizeof sess->master_key);
 			if (RAND_bytes(sess->master_key,i) <= 0)
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -686,6 +690,7 @@
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
+		die(karg <= sizeof sess->key_arg);
 		memcpy(d,sess->key_arg,(unsigned int)karg);
 		d+=karg;
 
@@ -706,6 +711,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
+		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -978,6 +984,8 @@
 		{
 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
+			die(s->session->session_id_length
+			    <= sizeof s->session->session_id);
 			if (memcmp(buf,s->session->session_id,
 				(unsigned int)s->session->session_id_length) != 0)
 				{
Index: ssl/s2_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,v
retrieving revision 1.39.2.1
diff -u -r1.39.2.1 s2_lib.c
--- ssl/s2_lib.c	2002/07/10 06:40:18	1.39.2.1
+++ ssl/s2_lib.c	2002/07/30 09:55:01
@@ -63,6 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -428,10 +429,14 @@
 #endif
 	EVP_MD_CTX_init(&ctx);
 	km=s->s2->key_material;
+	die(s->s2->key_material_length <= sizeof s->s2->key_material);
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
 		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
 
+		die(s->session->master_key_length >= 0
+		    && s->session->master_key_length
+		    < sizeof s->session->master_key);
 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
 		EVP_DigestUpdate(&ctx,&c,1);
 		c++;
@@ -467,6 +472,7 @@
 /*	state=s->rwstate;*/
 	error=s->error;
 	s->error=0;
+	die(error >= 0 && error <= 3);
 	i=ssl2_write(s,&(buf[3-error]),error);
 /*	if (i == error) s->rwstate=state; */
 
Index: ssl/s2_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v
retrieving revision 1.36
diff -u -r1.36 s2_srvr.c
--- ssl/s2_srvr.c	2002/01/12 15:56:11	1.36
+++ ssl/s2_srvr.c	2002/07/30 09:55:02
@@ -116,6 +116,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
 		n2s(p,i); s->session->key_arg_length=i;
+		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+			{
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+				   SSL_R_KEY_ARG_TOO_LONG);
+			return -1;
+			}
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		}
 
 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
 	p=(unsigned char *)s->init_buf->data;
+	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
 	keya=s->session->key_arg_length;
 	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -504,6 +512,7 @@
 #endif
 
 	if (is_export) i+=s->s2->tmp.clear;
+	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
@@ -670,6 +679,7 @@
 	p+=s->s2->tmp.session_id_length;
 
 	/* challenge */
+	die(s->s2->challenge_length <= sizeof s->s2->challenge);
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
 	return(1);
 mem_err:
@@ -826,6 +836,7 @@
 		}
 
 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	len = 1 + (unsigned long)s->s2->conn_id_length;
 	n = (int)len - s->init_num;
 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -853,6 +864,7 @@
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_VERIFY;
+		die(s->s2->challenge_length <= sizeof s->s2->challenge);
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
 		/* p+=s->s2->challenge_length; */
 
@@ -872,6 +884,8 @@
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_FINISHED;
 
+		die(s->session->session_id_length
+		    <= sizeof s->session->session_id);
 		memcpy(p,s->session->session_id,
 			(unsigned int)s->session->session_id_length);
 		/* p+=s->session->session_id_length; */
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.53.2.2
diff -u -r1.53.2.2 s3_clnt.c
--- ssl/s3_clnt.c	2002/07/10 06:57:48	1.53.2.2
+++ ssl/s3_clnt.c	2002/07/30 09:55:03
@@ -117,6 +117,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -545,6 +546,7 @@
 		*(p++)=i;
 		if (i != 0)
 			{
+			die(i <= sizeof s->session->session_id);
 			memcpy(p,s->session->session_id,i);
 			p+=i;
 			}
@@ -626,6 +628,14 @@
 	/* get the session-id */
 	j= *(p++);
 
+       if(j > sizeof s->session->session_id)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
+               goto f_err;
+               }
+
 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
 		{
 		/* SSLref returns 16 :-( */
@@ -1588,6 +1598,7 @@
 				SSL_MAX_MASTER_KEY_LENGTH);
 			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
 			outl += padl;
+			die(outl <= sizeof epms);
 			EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
 			/*  KerberosWrapper.EncryptedPreMasterSecret	*/
Index: ssl/s3_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.85.2.5
diff -u -r1.85.2.5 s3_srvr.c
--- ssl/s3_srvr.c	2002/07/10 06:57:50	1.85.2.5
+++ ssl/s3_srvr.c	2002/07/30 09:55:04
@@ -123,6 +123,7 @@
 #include <openssl/x509.h>
 #include <openssl/krb5_asn.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -964,6 +965,7 @@
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
+		die(sl <= sizeof s->session->session_id);
 		*(p++)=sl;
 		memcpy(p,s->session->session_id,sl);
 		p+=sl;
@@ -1559,8 +1561,8 @@
 		EVP_CIPHER		*enc = NULL;
 		unsigned char		iv[EVP_MAX_IV_LENGTH];
 		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH
-						+ EVP_MAX_IV_LENGTH + 1];
-		int 			padl, outl = sizeof(pms);
+                                               + EVP_MAX_BLOCK_LENGTH];
+		int                     padl, outl;
 		krb5_timestamp		authtime = 0;
 		krb5_ticket_times	ttimes;
 
@@ -1582,6 +1584,16 @@
 		enc_pms.length = i;
 		enc_pms.data = (char *)p;
 		p+=enc_pms.length;
+
+		/* Note that the length is checked again below,
+		** after decryption
+		*/
+		if(enc.pms_length > sizeof pms)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			       SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
 
 		if (n != enc_ticket.length + authenticator.length +
 						enc_pms.length + 6)
Index: ssl/ssl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
retrieving revision 1.126.2.7
diff -u -r1.126.2.7 ssl.h
--- ssl/ssl.h	2002/07/04 08:50:31	1.126.2.7
+++ ssl/ssl.h	2002/07/30 09:55:05
@@ -1650,6 +1650,7 @@
 #define SSL_R_INVALID_COMMAND				 280
 #define SSL_R_INVALID_PURPOSE				 278
 #define SSL_R_INVALID_TRUST				 279
+#define SSL_R_KEY_ARG_TOO_LONG				 1112
 #define SSL_R_KRB5					 1104
 #define SSL_R_KRB5_C_CC_PRINC				 1094
 #define SSL_R_KRB5_C_GET_CRED				 1095
@@ -1729,6 +1730,7 @@
 #define SSL_R_SHORT_READ				 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
Index: ssl/ssl_asn1.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,v
retrieving revision 1.9.2.2
diff -u -r1.9.2.2 ssl_asn1.c
--- ssl/ssl_asn1.c	2002/07/10 06:57:51	1.9.2.2
+++ ssl/ssl_asn1.c	2002/07/30 09:55:05
@@ -62,6 +62,7 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -296,6 +297,7 @@
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
Index: ssl/ssl_err.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
retrieving revision 1.41
diff -u -r1.41 ssl_err.c
--- ssl/ssl_err.c	2001/11/10 01:16:28	1.41
+++ ssl/ssl_err.c	2002/07/30 09:55:06
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
 {SSL_R_INVALID_COMMAND                   ,"invalid command"},
 {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
 {SSL_R_INVALID_TRUST                     ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
 {SSL_R_KRB5                              ,"krb5"},
 {SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"},
 {SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"},
@@ -354,6 +355,7 @@
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
Index: ssl/ssl_sess.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.40
diff -u -r1.40 ssl_sess.c
--- ssl/ssl_sess.c	2002/02/10 12:46:41	1.40
+++ ssl/ssl_sess.c	2002/07/30 09:55:06
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -250,6 +251,7 @@
 		ss->session_id_length=0;
 		}
 
+	die(s->sid_ctx_length <= sizeof ss->sid_ctx);
 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
 	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;

--------------040702070909050702020402--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC