OpenBSD Journal

Security Fix: Off-by-one overflow in OpenSSL

Contributed by merdely on from the pointing-out-the-goo dept.

Patches are available for OpenBSD 4.2 (errata, patch), OpenBSD 4.1 (errata, patch) and OpenBSD 4.0 (errata, patch) which address an off-by-one overflow in the SSL_get_shared_ciphers() function in OpenSSL. This vulnerability affects all architectures.

Details below.

Edit: Commit information corrected.

moritz@'s commits (1.16 & 1.17) to -current:

CVSROOT:	/cvs
Module name:	src
Changes by:	moritz@	2007/10/10 13:39:19

Modified files:
	lib/libssl/src/ssl: ssl_lib.c

Log message:
Replace use of strcpy(3) and other pointer goo in
SSL_get_shared_ciphers() with strlcat(3).

ok deraadt@ markus@
-------------------
CVSROOT:	/cvs
Module name:	src
Changes by:	moritz@	2007/09/27 10:18:12

Modified files:
	lib/libssl/src/ssl: ssl_lib.c 

Log message:
Fix off-by-one buffer overflow in SSL_get_shared_ciphers().
From OpenSSL_0_9_8-stable branch.

ok djm@

(The updates to the -stable branches were made by henning@.)

(Comments are closed)


Comments
  1. By Anonymous Coward (85.178.81.228) on

    Thanks a lot devs!
    After people told me my researches and co are not detailed enough it's good to see that at least the developers where able to do the right thing :]

  2. By dingo (192.85.50.2) af.dingo@gmail.com on

    Anybody do an anaylsis of call heirachy and find where this function can be called from?

    ssl apache? Likely not ssh? etc..

    I'm sure some packages do, but i'm only curious with whats in base.

    Comments
    1. By Philip Guenther (64.58.1.252) on

      > Anybody do an anaylsis of call heirachy and find where this
      > function can be called from?

      The only code in the main OpenBSD tree that calls SSL_get_shared_ciphers() is the openssl(1) utility's s_client and s_server modes. However, that code passes the function a buffer of size BUFSIZ (== 1024) while the complete list of ciphers is only 666 bytes, so it's impossible to hit the overflow there.

      The only other code that I've *ever* seen that calls that function is the perl Net::SSLeay module, which simply provides access to OpenSSL functions from perl. Maybe there's a perl script out there that uses that, but I haven't seen one.

      The function itself is almost useless; the only reason I can think to call it would be if you were debugging the cipher selection algorithm in OpenSSL.

  3. By HSpirit (116.240.230.130) damon.mcmahon@gmail.com on

    I can't build libssl on 4.1-RELEASE+patches after applying the patch - please see the output below. Any ideas?

    # patch -p0 < 011_openssl.patch && cd lib/libssl && make obj && make depend && make
    ...
    [everything fine until...]
    ...
    In file included from /usr/src/lib/libssl/src/crypto/objects/obj_dat.c:68:
    /usr/src/lib/libssl/crypto/obj/obj_dat.h:1137: error: `NID_sbqp_ipAddrBlock' undeclared here (not in a function)
    ...
    [...then lots of errors until...]
    ...
    /usr/src/lib/libssl/crypto/obj/obj_dat.h:1758: error: (near initialization for `nid_objs[667]')
    *** Error code 1

    Stop in /usr/src/lib/libssl/crypto.
    *** Error code 1

    Stop in /usr/src/lib/libssl.

    Comments
    1. By Anonymous Coward (85.8.2.145) on

      > I can't build libssl on 4.1-RELEASE+patches after applying the patch - please see the output below. Any ideas?
      >

      same for me on 4.0, make fails

      # make
      ===> crypto
      cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_MDC2 -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA -I/usr/src/lib/libssl/crypto/../src -I/usr/src/lib/libssl/crypto/../src/crypto -I/usr/src/lib/libssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENBSD_CAST_ASM -DOPENBSD_DES_ASM -c /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c -o rsa_eay.o
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c: In function `RSA_eay_private_encrypt':
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:298: error: `OPENSSL_RSA_MAX_MODULUS_BITS' undeclared (first use in this function)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:298: error: (Each undeclared identifier is reported only once
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:298: error: for each function it appears in.)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:300: error: `RSA_R_MODULUS_TOO_LARGE' undeclared (first use in this function)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:311: error: `OPENSSL_RSA_SMALL_MODULUS_BITS' undeclared (first use in this function)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:313: error: `OPENSSL_RSA_MAX_PUBEXP_BITS' undeclared (first use in this function)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c: In function `RSA_eay_public_decrypt':
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:601: error: `OPENSSL_RSA_MAX_MODULUS_BITS' undeclared (first use in this function)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:603: error: `RSA_R_MODULUS_TOO_LARGE' undeclared (first use in this function)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:614: error: `OPENSSL_RSA_SMALL_MODULUS_BITS' undeclared (first use in this function)
      /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:616: error: `OPENSSL_RSA_MAX_PUBEXP_BITS' undeclared (first use in this function)
      *** Error code 1

      Stop in /usr/src/lib/libssl/crypto.
      *** Error code 1

      Stop in /usr/src/lib/libssl.

      Comments
      1. By smeg lister (141.150.242.184) on

        > > I can't build libssl on 4.1-RELEASE+patches after applying the patch - please see the output below. Any ideas?
        > >
        >
        > same for me on 4.0, make fails

        ...

        > /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:300: error: `RSA_R_MODULUS_TOO_LARGE' undeclared (first use in this function)
        > /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:311: error: `OPENSSL_RSA_SMALL_MODULUS_BITS' undeclared (first use in this function)
        > /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:313: error: `OPENSSL_RSA_MAX_PUBEXP_BITS' undeclared (first use in this function)
        > /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c: In function `RSA_eay_public_decrypt':

        ...

        A possible cause is that the source tree you're trying to compile on is incomplete. You need to examine the .c files, look at what header (.h) files they're #include'ing and then grep for these "undeclared" elements in the header file locations. You can even try recursively grep'ing through all of /usr/include and /usr/src.

        The undeclared elements should be in there somewhere. They explicitly pertain to OpenSSL and are not strange compiler errors or whatever. The preprocessor/compiler is simply not finding what it's looking for.

        Or something like that. I only play a software developer on TV.

      2. By LABarr (209.180.207.226) southpacificsoft@isomedia.com on www.sps-c.net

        > > I can't build libssl on 4.1-RELEASE+patches after applying the patch - please see the output below. Any ideas?
        > >
        >
        > same for me on 4.0, make fails
        >
        >

        I patched about a dozen machines tonight all running 4.0 w/o any problems. About a 70/30 split of i386 & sparc64's. The Sparcs took about a minute longer but didn't take any more than 5 minutes on any one machine. Good luck!

    2. By Richard Toohey (203.167.190.49) richardtoohey@hotmail.com on

      Worked for me - i386 - 4.1 release (from CD) with all patches (except X) applied.

      Only other difference - did the commands one-per-line.

      Also patched a 4.2 box - no errors.

      Comments
      1. By HSpirit (116.240.235.221) damon.mcmahon@gmail.com on

        > Worked for me - i386 - 4.1 release (from CD) with all patches (except X) applied.
        >
        > Only other difference - did the commands one-per-line.
        >
        > Also patched a 4.2 box - no errors.
        >

        Tried again, one command per line, that seemed to do the trick - no idea why (race condition? dunno...)

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]