[Pkg-apache-commits] r1114 - in /trunk/apache2: changelog patches/072_CVE-2009-3555.dpatch
sf at alioth.debian.org
sf at alioth.debian.org
Sat Jan 2 21:31:18 UTC 2010
Author: sf
Date: Sat Jan 2 21:31:18 2010
New Revision: 1114
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1114
Log:
Security: Further mitigation for the TLS renegotation attack
(CVE-2009-3555): Disable keep-alive if parts of the next request have
already been received when doing a renegotiation. This defends against
some request splicing attacks.
Modified:
trunk/apache2/changelog
trunk/apache2/patches/072_CVE-2009-3555.dpatch
Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1114&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Sat Jan 2 21:31:18 2010
@@ -1,5 +1,9 @@
apache2 (2.2.14-5) UNRELEASED; urgency=low
+ * Security: Further mitigation for the TLS renegotation attack
+ (CVE-2009-3555): Disable keep-alive if parts of the next request have
+ already been received when doing a renegotiation. This defends against
+ some request splicing attacks.
* Print a useful error message if 'apache2ctl status' fails. Add a comment
to /etc/apache2/envvars on how to change the options for www-browser.
Closes: #561496, #272069
Modified: trunk/apache2/patches/072_CVE-2009-3555.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/patches/072_CVE-2009-3555.dpatch?rev=1114&op=diff
==============================================================================
--- trunk/apache2/patches/072_CVE-2009-3555.dpatch (original)
+++ trunk/apache2/patches/072_CVE-2009-3555.dpatch Sat Jan 2 21:31:18 2010
@@ -2,6 +2,7 @@
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: TLS/SSL partial fix for CVE-2009-3555
+## DP: includes http://svn.apache.org/viewcvs.cgi?rev=891282&view=rev
@DPATCH@
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
@@ -69,7 +70,26 @@
/* XXX: flush here only required for SSLv2;
* OpenSSL calls BIO_flush() at the appropriate times for
* the other protocols.
-@@ -1724,6 +1737,8 @@
+@@ -1358,9 +1371,17 @@
+ }
+ else {
+ /* We have no idea what you are talking about, so return an error. */
+- return APR_ENOTIMPL;
++ status = APR_ENOTIMPL;
+ }
+
++ /* It is possible for mod_ssl's BIO to be used outside of the
++ * direct control of mod_ssl's input or output filter -- notably,
++ * when mod_ssl initiates a renegotiation. Switching the BIO mode
++ * back to "blocking" here ensures such operations don't fail with
++ * SSL_ERROR_WANT_READ. */
++ inctx->block = APR_BLOCK_READ;
++
++ /* Handle custom errors. */
+ if (status != APR_SUCCESS) {
+ return ssl_io_filter_error(f, bb, status);
+ }
+@@ -1724,6 +1745,8 @@
filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
@@ -78,13 +98,66 @@
filter_ctx->nobuffer = 0;
filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
filter_ctx, NULL, c);
-
Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c?rev=833622&r1=833621&r2=833622&view=diff
==============================================================================
--- 1/modules/ssl/ssl_engine_kernel.c (original)
+++ 1/modules/ssl/ssl_engine_kernel.c Sat Nov 7 00:56:23 2009
-@@ -729,6 +729,10 @@
+@@ -35,6 +35,29 @@
+ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
+ #endif
+
++/* Perform a speculative (and non-blocking) read from the connection
++ * filters for the given request, to determine whether there is any
++ * pending data to read. Return non-zero if there is, else zero. */
++static int has_buffered_data(request_rec *r)
++{
++ apr_bucket_brigade *bb;
++ apr_off_t len;
++ apr_status_t rv;
++ int result;
++
++ bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
++
++ rv = ap_get_brigade(r->connection->input_filters, bb, AP_MODE_SPECULATIVE,
++ APR_NONBLOCK_READ, 1);
++ result = rv == APR_SUCCESS
++ && apr_brigade_length(bb, 1, &len) == APR_SUCCESS
++ && len > 0;
++
++ apr_brigade_destroy(bb);
++
++ return result;
++}
++
+ /*
+ * Post Read Request Handler
+ */
+@@ -720,6 +743,23 @@
+ else {
+ request_rec *id = r->main ? r->main : r;
+
++ /* Additional mitigation for CVE-2009-3555: At this point,
++ * before renegotiating, an (entire) request has been read
++ * from the connection. An attacker may have sent further
++ * data to "prefix" any subsequent request by the victim's
++ * client after the renegotiation; this data may already
++ * have been read and buffered. Forcing a connection
++ * closure after the response ensures such data will be
++ * discarded. Legimately pipelined HTTP requests will be
++ * retried anyway with this approach. */
++ if (has_buffered_data(r)) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "insecure SSL re-negotiation required, but "
++ "a pipelined request is present; keepalive "
++ "disabled");
++ r->connection->keepalive = AP_CONN_CLOSE;
++ }
++
+ /* do a full renegotiation */
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "Performing full renegotiation: "
+@@ -729,6 +769,10 @@
(unsigned char *)&id,
sizeof(id));
@@ -95,7 +168,7 @@
SSL_renegotiate(ssl);
SSL_do_handshake(ssl);
-@@ -750,6 +754,8 @@
+@@ -750,6 +794,8 @@
SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl);
@@ -104,7 +177,7 @@
if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation handshake failed: "
-@@ -1844,76 +1850,55 @@
+@@ -1844,76 +1890,55 @@
return;
}
@@ -220,7 +293,7 @@
}
/*
-@@ -1933,6 +1918,52 @@
+@@ -1933,6 +1958,52 @@
}
}
@@ -309,5 +382,3 @@
#ifndef OPENSSL_NO_TLSEXT
int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
#endif
-
-
More information about the Pkg-apache-commits
mailing list