[Pkg-apache-commits] r1157 - in /branches/lenny-apache2: changelog patches/00list patches/076_CVE-2009-3555.dpatch
sf at alioth.debian.org
sf at alioth.debian.org
Tue Mar 2 20:30:28 UTC 2010
Author: sf
Date: Tue Mar 2 20:30:27 2010
New Revision: 1157
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1157
Log:
add 2.2.9-10+lenny6:
mitigate CVE-2009-3555
Added:
branches/lenny-apache2/patches/076_CVE-2009-3555.dpatch
Modified:
branches/lenny-apache2/changelog
branches/lenny-apache2/patches/00list
Modified: branches/lenny-apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/changelog?rev=1157&op=diff
==============================================================================
--- branches/lenny-apache2/changelog (original)
+++ branches/lenny-apache2/changelog Tue Mar 2 20:30:27 2010
@@ -1,3 +1,13 @@
+apache2 (2.2.9-10+lenny6) stable-security; urgency=high
+
+ * Security:
+ - Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
+ for the TLS renegotiation prefix injection attack (CVE-2009-3555).
+ Any configuration which requires renegotiation for per-directory/location
+ access control or uses "SSLVerifyClient optional" is still vulnerable.
+
+ -- Stefan Fritsch <sf at debian.org> Sat, 14 Nov 2009 21:10:47 +0100
+
apache2 (2.2.9-10+lenny5) stable; urgency=low
* Minor security fixes in mod_proxy_ftp (closes: #545951):
Modified: branches/lenny-apache2/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/00list?rev=1157&op=diff
==============================================================================
--- branches/lenny-apache2/patches/00list (original)
+++ branches/lenny-apache2/patches/00list Tue Mar 2 20:30:27 2010
@@ -34,6 +34,7 @@
073_no_deflate_for_HEAD.dpatch
074_CVE-2009-3094.dpatch
075_CVE-2009-3095.dpatch
+076_CVE-2009-3555.dpatch
099_config_guess_sub_update
200_cp_suexec.dpatch
201_build_suexec-custom.dpatch
Added: branches/lenny-apache2/patches/076_CVE-2009-3555.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/076_CVE-2009-3555.dpatch?rev=1157&op=file
==============================================================================
--- branches/lenny-apache2/patches/076_CVE-2009-3555.dpatch (added)
+++ branches/lenny-apache2/patches/076_CVE-2009-3555.dpatch Tue Mar 2 20:30:27 2010
@@ -1,0 +1,300 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: TLS/SSL partial fix for CVE-2009-3555
+
+ at DPATCH@
+ *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+ A partial fix for the TLS renegotiation prefix injection attack by
+ rejecting any client-initiated renegotiations. Any configuration
+ which requires renegotiation for per-directory/location access
+ control is still vulnerable, unless using OpenSSL >= 0.9.8l.
+ [Joe Orton, Ruediger Pluem]
+
+diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+index 7eb8ffa..abeaa32 100644
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -492,10 +492,7 @@ static void ssl_init_ctx_callbacks(server_rec *s,
+ SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
+ SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
+
+- if (s->loglevel >= APLOG_DEBUG) {
+- /* this callback only logs if LogLevel >= info */
+- SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
+- }
++ SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
+ }
+
+ static void ssl_init_ctx_verify(server_rec *s,
+diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
+index ba9f4ee..116caf2 100644
+--- a/modules/ssl/ssl_engine_io.c
++++ b/modules/ssl/ssl_engine_io.c
+@@ -102,6 +102,7 @@ typedef struct {
+ ap_filter_t *pInputFilter;
+ ap_filter_t *pOutputFilter;
+ int nobuffer; /* non-zero to prevent buffering */
++ SSLConnRec *config;
+ } ssl_filter_ctx_t;
+
+ typedef struct {
+@@ -192,7 +193,13 @@ static int bio_filter_out_read(BIO *bio, char *out, int outl)
+ static int bio_filter_out_write(BIO *bio, const char *in, int inl)
+ {
+ bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
+-
++
++ /* Abort early if the client has initiated a renegotiation. */
++ if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
++ outctx->rc = APR_ECONNABORTED;
++ return -1;
++ }
++
+ /* when handshaking we'll have a small number of bytes.
+ * max size SSL will pass us here is about 16k.
+ * (16413 bytes to be exact)
+@@ -465,6 +472,12 @@ static int bio_filter_in_read(BIO *bio, char *in, int inlen)
+ if (!in)
+ return 0;
+
++ /* Abort early if the client has initiated a renegotiation. */
++ if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
++ inctx->rc = APR_ECONNABORTED;
++ return -1;
++ }
++
+ /* XXX: flush here only required for SSLv2;
+ * OpenSSL calls BIO_flush() at the appropriate times for
+ * the other protocols.
+@@ -1683,6 +1696,8 @@ void ssl_io_filter_init(conn_rec *c, SSL *ssl)
+
+ filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
+
++ filter_ctx->config = myConnConfig(c);
++
+ filter_ctx->nobuffer = 0;
+ filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
+ filter_ctx, NULL, c);
+diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
+index 0a8e193..f7ae84c 100644
+--- a/modules/ssl/ssl_engine_kernel.c
++++ b/modules/ssl/ssl_engine_kernel.c
+@@ -621,6 +621,10 @@ int ssl_hook_Access(request_rec *r)
+ (unsigned char *)&id,
+ sizeof(id));
+
++ /* Toggle the renegotiation state to allow the new
++ * handshake to proceed. */
++ sslconn->reneg_state = RENEG_ALLOW;
++
+ SSL_renegotiate(ssl);
+ SSL_do_handshake(ssl);
+
+@@ -642,6 +646,8 @@ int ssl_hook_Access(request_rec *r)
+ SSL_set_state(ssl, SSL_ST_ACCEPT);
+ SSL_do_handshake(ssl);
+
++ sslconn->reneg_state = RENEG_REJECT;
++
+ if (SSL_get_state(ssl) != SSL_ST_OK) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "Re-negotiation handshake failed: "
+@@ -1721,76 +1727,55 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
+ return;
+ }
+
+-/*
+- * This callback function is executed while OpenSSL processes the
+- * SSL handshake and does SSL record layer stuff. We use it to
+- * trace OpenSSL's processing in out SSL logfile.
+- */
+-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
++/* Dump debugginfo trace to the log file. */
++static void log_tracing_state(MODSSL_INFO_CB_ARG_TYPE ssl, conn_rec *c,
++ server_rec *s, int where, int rc)
+ {
+- conn_rec *c;
+- server_rec *s;
+- SSLSrvConfigRec *sc;
+-
+ /*
+- * find corresponding server
++ * create the various trace messages
+ */
+- if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) {
+- return;
++ if (where & SSL_CB_HANDSHAKE_START) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Handshake: start", SSL_LIBRARY_NAME);
+ }
+-
+- s = c->base_server;
+- if (!(sc = mySrvConfig(s))) {
+- return;
++ else if (where & SSL_CB_HANDSHAKE_DONE) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Handshake: done", SSL_LIBRARY_NAME);
+ }
+-
+- /*
+- * create the various trace messages
+- */
+- if (s->loglevel >= APLOG_DEBUG) {
+- if (where & SSL_CB_HANDSHAKE_START) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Handshake: start", SSL_LIBRARY_NAME);
+- }
+- else if (where & SSL_CB_HANDSHAKE_DONE) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Handshake: done", SSL_LIBRARY_NAME);
+- }
+- else if (where & SSL_CB_LOOP) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Loop: %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- else if (where & SSL_CB_READ) {
++ else if (where & SSL_CB_LOOP) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Loop: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_READ) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Read: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_WRITE) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Write: %s",
++ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
++ }
++ else if (where & SSL_CB_ALERT) {
++ char *str = (where & SSL_CB_READ) ? "read" : "write";
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "%s: Alert: %s:%s:%s",
++ SSL_LIBRARY_NAME, str,
++ SSL_alert_type_string_long(rc),
++ SSL_alert_desc_string_long(rc));
++ }
++ else if (where & SSL_CB_EXIT) {
++ if (rc == 0) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Read: %s",
++ "%s: Exit: failed in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ }
+- else if (where & SSL_CB_WRITE) {
++ else if (rc < 0) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Write: %s",
++ "%s: Exit: error in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ }
+- else if (where & SSL_CB_ALERT) {
+- char *str = (where & SSL_CB_READ) ? "read" : "write";
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Alert: %s:%s:%s",
+- SSL_LIBRARY_NAME, str,
+- SSL_alert_type_string_long(rc),
+- SSL_alert_desc_string_long(rc));
+- }
+- else if (where & SSL_CB_EXIT) {
+- if (rc == 0) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Exit: failed in %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- else if (rc < 0) {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+- "%s: Exit: error in %s",
+- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+- }
+- }
+ }
+
+ /*
+@@ -1810,3 +1795,49 @@ void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc
+ }
+ }
+
++/*
++ * This callback function is executed while OpenSSL processes the SSL
++ * handshake and does SSL record layer stuff. It's used to trap
++ * client-initiated renegotiations, and for dumping everything to the
++ * log.
++ */
++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
++{
++ conn_rec *c;
++ server_rec *s;
++ SSLConnRec *scr;
++
++ /* Retrieve the conn_rec and the associated SSLConnRec. */
++ if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
++ return;
++ }
++
++ if ((scr = myConnConfig(c)) == NULL) {
++ return;
++ }
++
++ /* If the reneg state is to reject renegotiations, check the SSL
++ * state machine and move to ABORT if a Client Hello is being
++ * read. */
++ if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) {
++ int state = SSL_get_state(ssl);
++
++ if (state == SSL3_ST_SR_CLNT_HELLO_A
++ || state == SSL23_ST_SR_CLNT_HELLO_A) {
++ scr->reneg_state = RENEG_ABORT;
++ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
++ "rejecting client initiated renegotiation");
++ }
++ }
++ /* If the first handshake is complete, change state to reject any
++ * subsequent client-initated renegotiation. */
++ else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
++ scr->reneg_state = RENEG_REJECT;
++ }
++
++ s = c->base_server;
++ if (s && s->loglevel >= APLOG_DEBUG) {
++ log_tracing_state(ssl, c, s, where, rc);
++ }
++}
++
+diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
+index b66e602..51c9b39 100644
+--- a/modules/ssl/ssl_private.h
++++ b/modules/ssl/ssl_private.h
+@@ -347,6 +347,19 @@ typedef struct {
+ int is_proxy;
+ int disabled;
+ int non_ssl_request;
++
++ /* Track the handshake/renegotiation state for the connection so
++ * that all client-initiated renegotiations can be rejected, as a
++ * partial fix for CVE-2009-3555. */
++ enum {
++ RENEG_INIT = 0, /* Before initial handshake */
++ RENEG_REJECT, /* After initial handshake; any client-initiated
++ * renegotiation should be rejected */
++ RENEG_ALLOW, /* A server-initated renegotiation is taking
++ * place (as dictated by configuration) */
++ RENEG_ABORT /* Renegotiation initiated by client, abort the
++ * connection */
++ } reneg_state;
+ } SSLConnRec;
+
+ typedef struct {
+@@ -554,7 +567,7 @@ int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **
+ int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
+ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
+ void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
+-void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
++void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE, int, int);
+
+ /** Session Cache Support */
+ void ssl_scache_init(server_rec *, apr_pool_t *);
More information about the Pkg-apache-commits
mailing list