aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2019-11-05 15:07:55 +0100
committerJo-Philipp Wich <jo@mein.io>2019-11-05 15:09:47 +0100
commitc5d5cdb759adc890ce6699117b7119acf280ce77 (patch)
treeb100e1d053c23090344df8a1ac8dd9cbe9483183
parent439ac8104bf68b4843b94e9848a33f99ee5a3085 (diff)
downloadupstream-c5d5cdb759adc890ce6699117b7119acf280ce77.tar.gz
upstream-c5d5cdb759adc890ce6699117b7119acf280ce77.tar.bz2
upstream-c5d5cdb759adc890ce6699117b7119acf280ce77.zip
ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--package/libs/ustream-ssl/Makefile2
-rw-r--r--package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch56
2 files changed, 57 insertions, 1 deletions
diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile
index 5d94ada4d8..f6457fc484 100644
--- a/package/libs/ustream-ssl/Makefile
+++ b/package/libs/ustream-ssl/Makefile
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=ustream-ssl
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
diff --git a/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch
new file mode 100644
index 0000000000..e6f08c19e3
--- /dev/null
+++ b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch
@@ -0,0 +1,56 @@
+From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001
+From: Jo-Philipp Wich <jo@mein.io>
+Date: Wed, 11 Sep 2019 21:09:59 +0200
+Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after
+ connect
+
+Check the .eof member of the underlying ustream after the call to
+__ustream_ssl_connect() since existing users of the library appear
+to set the eof flag as a way to signal connection termination upon
+failing certificate verification.
+
+This is a stop-gap measure to address TALOS-2019-0893 but a proper
+API redesign is required to give applications proper control over
+whether certificate failures are to be ignored or not and the default
+implementation without custom callbacks should always terminate on
+verification failures.
+
+Signed-off-by: Jo-Philipp Wich <jo@mein.io>
+---
+ ustream-ssl.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/ustream-ssl.c b/ustream-ssl.c
+index e6b084b..47f66d6 100644
+--- a/ustream-ssl.c
++++ b/ustream-ssl.c
+@@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us)
+ return;
+
+ if (__ustream_ssl_connect(us) == U_SSL_OK) {
++
++ /* __ustream_ssl_connect() will also return U_SSL_OK when certificate
++ * verification failed!
++ *
++ * Applications may register a custom .notify_verify_error callback in the
++ * struct ustream_ssl which is called upon verification failures, but there
++ * is no straight forward way for the callback to terminate the connection
++ * initiation right away, e.g. through a true or false return value.
++ *
++ * Instead, existing implementations appear to set .eof field of the underlying
++ * ustream in the hope that this inhibits further operations on the stream.
++ *
++ * Declare this informal behaviour "official" and check for the state of the
++ * .eof member after __ustream_ssl_connect() returned, and do not write the
++ * pending data if it is set to true.
++ */
++
++ if (us->stream.eof)
++ return;
++
+ us->connected = true;
+ if (us->notify_connected)
+ us->notify_connected(us);
+--
+2.20.1
+