[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]
From: |
Simon Josefsson |
Subject: |
Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] |
Date: |
Mon, 19 May 2008 20:58:16 +0200 |
User-agent: |
Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux) |
Andreas Metzler <address@hidden> writes:
> On 2008-05-19 Simon Josefsson <address@hidden> wrote:
>> Andreas Metzler <address@hidden> writes:
>> > The fix for this one (gnutls_cipher.c) breaks clean end of session:
>
>> Sigh! If you add -d 4711 what does it say? I'm trying to reproduce
>> this now.
>
> Hello,
>
> I am attaching logs for both 2.2.3 and 2.2.4 for easy comparison.
Thanks!
> |<7>| RB: Have 5 bytes into buffer. Adding 32 bytes.
> |<7>| RB: Requested 37 bytes
> |<4>| REC[8073cb8]: Short record length 32 < 16 + 20 (under attack?)
> |<2>| ASSERT: gnutls_cipher.c:461
> |<2>| ASSERT: gnutls_record.c:999
Ok, the debug message printing check was incorrect. Sigh...
The patch below still catch the exploit but works with a proper server
that sends a short reply. Can you test this?
Thanks,
/Simon
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index f071710..e16ad1f 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -453,15 +453,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
return GNUTLS_E_INTERNAL_ERROR;
}
- if (ciphertext.size < (unsigned) blocksize + hash_size)
- {
- _gnutls_record_log
- ("REC[%x]: Short record length %d < %d + %d (under attack?)\n",
- session, ciphertext.size, blocksize, hash_size);
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
-
/* actual decryption (inplace)
*/
switch (_gnutls_cipher_is_block
@@ -515,6 +506,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
if ((int)pad > (int)ciphertext.size - hash_size)
{
gnutls_assert ();
+ _gnutls_record_log
+ ("REC[%x]: Short record length %d > %d - %d (under attack?)\n",
+ session, pad, ciphertext.size, hash_size);
/* We do not fail here. We check below for the
* the pad_failed. If zero means success.
*/
pgpkmslY0oGYv.pgp
Description: PGP signature