diff options
| author | Colin Percival <cperciva@FreeBSD.org> | 2009-12-03 09:18:40 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2009-12-03 09:18:40 +0000 |
| commit | c08f10bc4888982e18312f4b2bd817d0aca58314 (patch) | |
| tree | 238adf9a44d550cd98ecea43ff9095ce5855c1ce | |
| parent | 59dd044d1cb744d3dba6b41c41e196b54e8fd9f8 (diff) | |
Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
Notes
Notes:
svn path=/releng/8.0/; revision=200054
| -rw-r--r-- | UPDATING | 11 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s3_lib.c | 3 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s3_pkt.c | 7 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s3_srvr.c | 7 | ||||
| -rw-r--r-- | etc/mtree/BSD.var.dist | 2 | ||||
| -rw-r--r-- | libexec/rtld-elf/rtld.c | 12 | ||||
| -rw-r--r-- | usr.sbin/freebsd-update/freebsd-update.sh | 1 |
7 files changed, 31 insertions, 12 deletions
@@ -15,6 +15,17 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V: debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20091203: p1 FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:16.rtld, + FreeBSD-SA-09:17.freebsd-update + Disable SSL renegotiation in order to protect against a serious + protocol flaw. [09:15] + + Correctly handle failures from unsetenv resulting from a corrupt + environment in rtld-elf. [09:16] + + Fix permissions in freebsd-update in order to prevent leakage of + sensitive files. [09:17] + 20091125: 8.0-RELEASE. diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c index 8916a0b1b3c7..1b38f72d0865 100644 --- a/crypto/openssl/ssl/s3_lib.c +++ b/crypto/openssl/ssl/s3_lib.c @@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s) if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); + if (1) + return(0); + s->s3->renegotiate=1; return(1); } diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 9476dcddf6e9..1644f19d49c0 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -983,9 +983,7 @@ start: if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) + if (0) { ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) @@ -1116,8 +1114,7 @@ start: /* Unexpected handshake message (Client Hello, or protocol violation) */ if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { - if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + if (0) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index 80b45eb86ff1..b2ba9ffeb03d 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -718,6 +718,13 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; + if (s->new_session) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto f_err; + } + /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist index 29b48622199c..f55fbbb23b7b 100644 --- a/etc/mtree/BSD.var.dist +++ b/etc/mtree/BSD.var.dist @@ -32,7 +32,7 @@ db entropy uname=operator gname=operator mode=0700 .. - freebsd-update + freebsd-update mode=0700 .. ipf mode=0700 .. diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index 2eebf220b5c7..2c56579551fb 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -366,12 +366,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) * future processes to honor the potentially un-safe variables. */ if (!trust) { - unsetenv(LD_ "PRELOAD"); - unsetenv(LD_ "LIBMAP"); - unsetenv(LD_ "LIBRARY_PATH"); - unsetenv(LD_ "LIBMAP_DISABLE"); - unsetenv(LD_ "DEBUG"); - unsetenv(LD_ "ELF_HINTS_PATH"); + if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") || + unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") || + unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) { + _rtld_error("environment corrupt; aborting"); + die(); + } } ld_debug = getenv(LD_ "DEBUG"); libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL; diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh index 2eacca8d2fb4..de0c1a5639f4 100644 --- a/usr.sbin/freebsd-update/freebsd-update.sh +++ b/usr.sbin/freebsd-update/freebsd-update.sh @@ -600,6 +600,7 @@ fetch_check_params () { echo ${WORKDIR} exit 1 fi + chmod 700 ${WORKDIR} cd ${WORKDIR} || exit 1 # Generate release number. The s/SECURITY/RELEASE/ bit exists |