Skip to main content
  • Home
  • login
  • Browse the archive

    swh mirror partner logo
swh logo
SoftwareHeritage
Software
Heritage
Mirror
Features
  • Search

  • Downloads

  • Save code now

  • Add forge now

  • Help

Revision b095884a58876ccd3e65f620b7f80d61b4bce687 authored by Matt Caswell on 07 January 2015, 14:18:13 UTC, committed by Matt Caswell on 08 January 2015, 14:14:56 UTC
A memory leak can occur in dtls1_buffer_record if either of the calls to
ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
malloc failure, whilst the latter will fail if attempting to add a duplicate
record to the queue. This should never happen because duplicate records should
be detected and dropped before any attempt to add them to the queue.
Unfortunately records that arrive that are for the next epoch are not being
recorded correctly, and therefore replays are not being detected.
Additionally, these "should not happen" failures that can occur in
dtls1_buffer_record are not being treated as fatal and therefore an attacker
could exploit this by sending repeated replay records for the next epoch,
eventually causing a DoS through memory exhaustion.

Thanks to Chris Mueller for reporting this issue and providing initial
analysis and a patch. Further analysis and the final patch was performed by
Matt Caswell from the OpenSSL development team.

CVE-2015-0206

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862)
1 parent f7fe3d2
  • Files
  • Changes
  • 261f636
  • /
  • apps
  • /
  • vms_decc_init.c
Raw File
Cook and download a directory from the Software Heritage Vault

You have requested the cooking of the directory with identifier None into a standard tar.gz archive.

Are you sure you want to continue ?

Download a directory from the Software Heritage Vault

You have requested the download of the directory with identifier None as a standard tar.gz archive.

Are you sure you want to continue ?

Cook and download a revision from the Software Heritage Vault

You have requested the cooking of the history heading to revision with identifier swh:1:rev:b095884a58876ccd3e65f620b7f80d61b4bce687 into a bare git archive.

Are you sure you want to continue ?

Download a revision from the Software Heritage Vault

You have requested the download of the history heading to revision with identifier swh:1:rev:b095884a58876ccd3e65f620b7f80d61b4bce687 as a bare git archive.

Are you sure you want to continue ?

Invalid Email !

The provided email is not well-formed.

Download link has expired

The requested archive is no longer available for download from the Software Heritage Vault.

Do you want to cook it again ?

Permalinks

To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.

  • revision
  • content
revision badge
swh:1:rev:b095884a58876ccd3e65f620b7f80d61b4bce687
content badge Iframe embedding
swh:1:cnt:f512c8f1bcc5f362e0ad21868b97848cb00f56a4
vms_decc_init.c
#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
 defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
# define USE_DECC_INIT 1
#endif

#ifdef USE_DECC_INIT

/*
 * 2010-04-26 SMS.
 *
 *----------------------------------------------------------------------
 *
 *       decc_init()
 *
 *    On non-VAX systems, uses LIB$INITIALIZE to set a collection of C
 *    RTL features without using the DECC$* logical name method.
 *
 *----------------------------------------------------------------------
 */

#include <stdio.h>
#include <stdlib.h>
#include <unixlib.h>


/* Global storage. */

/* Flag to sense if decc_init() was called. */

int decc_init_done = -1;


/* Structure to hold a DECC$* feature name and its desired value. */

typedef struct
{
    char *name;
    int value;
} decc_feat_t;


/* Array of DECC$* feature names and their desired values.
 * Note: DECC$ARGV_PARSE_STYLE is the urgent one.
 */

decc_feat_t decc_feat_array[] =
{
 /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
 { "DECC$ARGV_PARSE_STYLE", 1 },

 /* Preserve case for file names on ODS5 disks. */
 { "DECC$EFS_CASE_PRESERVE", 1 },

 /* Enable multiple dots (and most characters) in ODS5 file names,
  * while preserving VMS-ness of ";version".
  */
 { "DECC$EFS_CHARSET", 1 },

 /* List terminator. */
 { (char *)NULL, 0 }
};


/* LIB$INITIALIZE initialization function. */

static void decc_init( void)
{
    char *openssl_debug_decc_init;
    int verbose = 0;
    int feat_index;
    int feat_value;
    int feat_value_max;
    int feat_value_min;
    int i;
    int sts;

    /* Get debug option. */
    openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT");
    if (openssl_debug_decc_init != NULL)
    {
        verbose = strtol( openssl_debug_decc_init, NULL, 10);
        if (verbose <= 0)
        {
            verbose = 1;
        }
    }

    /* Set the global flag to indicate that LIB$INITIALIZE worked. */
    decc_init_done = 1;

    /* Loop through all items in the decc_feat_array[]. */

    for (i = 0; decc_feat_array[ i].name != NULL; i++)
    {
        /* Get the feature index. */
        feat_index = decc$feature_get_index( decc_feat_array[ i].name);
        if (feat_index >= 0)
        {
            /* Valid item.  Collect its properties. */
            feat_value = decc$feature_get_value( feat_index, 1);
            feat_value_min = decc$feature_get_value( feat_index, 2);
            feat_value_max = decc$feature_get_value( feat_index, 3);

            /* Check the validity of our desired value. */
            if ((decc_feat_array[ i].value >= feat_value_min) &&
             (decc_feat_array[ i].value <= feat_value_max))
            {
                /* Valid value.  Set it if necessary. */
                if (feat_value != decc_feat_array[ i].value)
                {
                    sts = decc$feature_set_value( feat_index,
                     1,
                     decc_feat_array[ i].value);

                     if (verbose > 1)
                     {
                         fprintf( stderr, " %s = %d, sts = %d.\n",
                          decc_feat_array[ i].name,
                          decc_feat_array[ i].value,
                          sts);
                     }
                }
            }
            else
            {
                /* Invalid DECC feature value. */
                fprintf( stderr,
                 " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
                 feat_value,
                 feat_value_min, decc_feat_array[ i].name, feat_value_max);
            }
        }
        else
        {
            /* Invalid DECC feature name. */
            fprintf( stderr,
             " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name);
        }
    }

    if (verbose > 0)
    {
        fprintf( stderr, " DECC_INIT complete.\n");
    }
}

/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */

#pragma nostandard

/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and
 * other attributes.  Note that "nopic" is significant only on VAX.
 */
#pragma extern_model save

#if __INITIAL_POINTER_SIZE == 64
# define PSECT_ALIGN 3
#else
# define PSECT_ALIGN 2
#endif

#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
const int spare[ 8] = { 0 };

#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
void (*const x_decc_init)() = decc_init;

#pragma extern_model restore

/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */

#pragma extern_model save

int LIB$INITIALIZE( void);

#pragma extern_model strict_refdef
int dmy_lib$initialize = (int) LIB$INITIALIZE;

#pragma extern_model restore

#pragma standard

#else /* def USE_DECC_INIT */

/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
int decc_init_dummy( void);

#endif /* def USE_DECC_INIT */
The diff you're trying to view is too large. Only the first 1000 changed files have been loaded.
Showing with 0 additions and 0 deletions (0 / 0 diffs computed)
swh spinner

Computing file changes ...

ENEA — Copyright (C), ENEA. License: GNU AGPLv3+.
Legal notes  ::  JavaScript license information ::  Web API

back to top