Skip to main content
Revision 9871417fb74dca48ea1dc85ae666a6529d113ff8 authored by Adam Langley on 06 June 2014, 21:30:33 UTC, committed by Matt Caswell on 06 August 2014, 19:27:51 UTC
Fix memory leak from zero-length DTLS fragments.
The |pqueue_insert| function can fail if one attempts to insert a
duplicate sequence number. When handling a fragment of an out of
sequence message, |dtls1_process_out_of_seq_message| would not call
|dtls1_reassemble_fragment| if the fragment's length was zero. It would
then allocate a fresh fragment and attempt to insert it, but ignore the
return value, leaking the fragment.

This allows an attacker to exhaust the memory of a DTLS peer.

Fixes CVE-2014-3507

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
1 parent fc7804e
History
FileModeSize
MacOS
Netware
VMS
apps
bugs
certs
crypto
demos
doc
engines
include
ms
os2
perl
shlib
ssl
test
times
tools
util
.cvsignore -rw-r--r--193 bytes
.gitignore -rw-r--r--1.0 KB
ACKNOWLEDGMENTS -rw-r--r--1.0 KB
CHANGES -rw-r--r--435.0 KB
CHANGES.SSLeay -rw-r--r--41.7 KB
Configure -rwxr-xr-x103.6 KB
FAQ -rw-r--r--45.4 KB
INSTALL -rw-r--r--14.3 KB
INSTALL.DJGPP -rw-r--r--2.0 KB
INSTALL.MacOS -rw-r--r--3.2 KB
INSTALL.NW -rw-r--r--18.4 KB
INSTALL.OS2 -rw-r--r--744 bytes
INSTALL.VMS -rw-r--r--10.7 KB
INSTALL.W32 -rw-r--r--11.6 KB
INSTALL.W64 -rw-r--r--2.1 KB
INSTALL.WCE -rw-r--r--3.2 KB
LICENSE -rw-r--r--6.1 KB
Makefile.org -rw-r--r--23.6 KB
Makefile.shared -rw-r--r--21.4 KB
NEWS -rw-r--r--30.3 KB
PROBLEMS -rw-r--r--8.5 KB
README -rw-r--r--8.9 KB
README.ASN1 -rw-r--r--7.5 KB
README.ENGINE -rw-r--r--15.7 KB
TABLE -rw-r--r--155.1 KB
config -rwxr-xr-x27.7 KB
e_os.h -rw-r--r--23.0 KB
e_os2.h -rw-r--r--10.2 KB
install.com -rw-r--r--3.6 KB
makevms.com -rwxr-xr-x38.8 KB
openssl.doxy -rw-r--r--137 bytes
openssl.spec -rw-r--r--7.7 KB

README

back to top