|
|
LibreSSL 2.1.3 vulnerable to information leak | |||
| Reported by groebert@google.com, Feb 25 2015 | Back to list | |||
In libressl-2.1.3/ssl/t1_lib.c the function ssl_add_clienthello_tlsext adds the TLS extension EllipticCurves to the ClientHello message: const uint16_t *curves; [..] tls1_get_curvelist(s, 0, &curves, &curveslen); In the function tls1_get_curvelist the default is used: *pcurves = eccurves_default; // global *pcurveslen = sizeof(eccurves_default); // 56 Later the size of the global eccurves_default in bytes is used to index into the curves array. This leads to an out-of-bounds read access which leaks adjacent memory to the ClientHello message. for (i = 0; i < curveslen; i++) s2n(curves[i], ret); A pointer to function tls1_new is nearby eccurves_default in my test build. The vulnerability could be used to leak the pointer. This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
Comment 1
by
cevans@google.com,
Feb 25 2015
,
Feb 25 2015
,
Mar 2 2015
This has just been fixed in t1_lib.c r1.75 and will show up in LibreSSL portable 2.1.4, which is soon to be released.
,
May 6 2015
http://undeadly.org/cgi?action=article&sid=20150304092744 |
||||
| ► Sign in to add a comment | ||||