[OpenSSL-1.0.2] TNF local patch - CVE-2017-3737 Read/write after SSL object in error state
original commit message:
http://mail-index.netbsd.org/source-changes/2018/04/18/msg094491.html
Comments (2)
-
reporter -
reporter - changed status to resolved
BUGFIX: Issue
- CVE-2017-3737 Read/write after SSL object in error state#173cherry-picked from OpenSSL-1_0_2-stable branch: https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc
original commit message:
Don't allow read/write after fatal error
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.
In order to exploit this issue an attacker would have to trick an application into behaving incorrectly by issuing an SSL_read()/SSL_write() after having already received a fatal error.
Thanks to David Benjamin (Google) for reporting this issue and suggesting this fix.
CVE-2017-3737
Reviewed-by: Rich Salz rsalz@openssl.org
→ <<cset b0f4be41ba42a7e3b16434657909a41446a3a58c>>
- Log in to comment
fix in OpenSSL-1_0_2-stabled:
https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc