Disable SSL renegotiation in order to protect against a serious

protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate
svn path=/head/; revision=200054
2009-12-03 09:18:40 +00:00 · 2009-12-03 09:18:40 +00:00 · a235643007 · 2020-12-20 02:59:44 +00:00
commit a235643007
parent 86439baac2
5 changed files with 14 additions and 6 deletions
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s)
 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
 		return(0);

+	if (1)
+		return(0);
+
 	s->s3->renegotiate=1;
 	return(1);
 	}
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@ -983,9 +983,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 		if (s->msg_callback)
 			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);

-		if (SSL_is_init_finished(s) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-			!s->s3->renegotiate)
+		if (0)
 			{
 			ssl3_renegotiate(s);
 			if (ssl3_renegotiate_check(s))
@ -1116,8 +1114,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 	/* Unexpected handshake message (Client Hello, or protocol violation) */
 	if ((s->s3->handshake_fragment_len >= 4) &&	!s->in_handshake)
 		{
-		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+		if (0)
 			{
 #if 0 /* worked only because C operator preferences are not as expected (and
       * because this is not really needed for clients except for detecting
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@ -718,6 +718,13 @@ int ssl3_get_client_hello(SSL *s)
 #endif
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;

+	if (s->new_session)
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+		goto f_err;
+		}
+
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.
--- a/etc/mtree/BSD.var.dist
+++ b/etc/mtree/BSD.var.dist
@ -32,7 +32,7 @@
    db
        entropy         uname=operator gname=operator mode=0700
        ..
-        freebsd-update
+        freebsd-update  mode=0700
        ..
        ipf             mode=0700
        ..
--- a/usr.sbin/freebsd-update/freebsd-update.sh
+++ b/usr.sbin/freebsd-update/freebsd-update.sh
@ -603,6 +603,7 @@ fetch_check_params () {
 		echo ${WORKDIR}
 		exit 1
 	fi
+	chmod 700 ${WORKDIR}
 	cd ${WORKDIR} || exit 1

 	# Generate release number.  The s/SECURITY/RELEASE/ bit exists