文件名称:
openssh-5.8p2.tar.gz
开发工具:
文件大小: 1mb
下载次数: 0
上传时间: 2014-07-01
详细说明: untrusted comment: signature from openbsd 5.5 base secret key RWRGy8gxk9N930mZSNhSVZg9DPFLNT0qQcEGhQeQ55awDf4RfJqPXB6lz71jQatqYzr3XkzyUyckpP4nSCE+XmoICZEPwVhjhA8= OpenBSD 5.5 errata 2, Apr 8, 2014: Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which, if exploited, can result in a leak of memory contents. After patching, private keys and certificates exposed to services running this code (for example web/mail server SSL certificates) should be replaced and old certificates re voked. Only SSL/TLS services are affected. Software that uses libcrypto alone is not affected. In particular, ssh/sshd are not affected and there is no need to regenerate SSH host keys that have not otherwise been exposed. Apply patch using: signify -Vep /etc/signify/openbsd-55-base.pub -x 002_openssl.patch.sig \ -m - | (cd /usr/src && patch -p0) Then build and install libssl cd /usr/src/lib/libssl/ssl make obj make make install Also recompile any statically-linked binaries depending on it - in the base OS, this is just ftp(1): cd /usr/src/usr.bin/ftp make obj make clean make make install Then restart services which depend on SSL. Index: lib/libssl/src/ssl/d1_both.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/d1_both.c,v retrieving revision 1.2 diff -u -p -r1.2 d1_both.c --- lib/libssl/src/ssl/d1_both.c 27 Feb 2014 21:04:57 -0000 1.2 +++ lib/libssl/src/ssl/d1_both.c 8 Apr 2014 00:22:22 -0000 @@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; ...展开收缩
(系统自动生成,下载前可以参看下载内容)
下载文件列表
相关说明
- 本站资源为会员上传分享交流与学习,如有侵犯您的权益,请联系我们删除.
- 本站是交换下载平台,提供交流渠道,下载内容来自于网络,除下载问题外,其它问题请自行百度。
- 本站已设置防盗链,请勿用迅雷、QQ旋风等多线程下载软件下载资源,下载后用WinRAR最新版进行解压.
- 如果您发现内容无法下载,请稍后再次尝试;或者到消费记录里找到下载记录反馈给我们.
- 下载后发现下载的内容跟说明不相乎,请到消费记录里找到下载记录反馈给我们,经确认后退回积分.
- 如下载前有疑问,可以通过点击"提供者"的名字,查看对方的联系方式,联系对方咨询.
