FS#39832 - [openssl] OpenSSL is vulnerable to a use after free bug which may cause race conditions

Attached to Project: Arch Linux
Opened by wes (Nisstyre56) - Sunday, 13 April 2014, 05:44 GMT
Last edited by Pierre Schmitz (Pierre) - Thursday, 05 June 2014, 15:52 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Pierre Schmitz (Pierre)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No


Description: Latest versions of OpenSSL are vulnerable to a use after free bug. OpenSSL tries to free a buffer before it is empty which may cause a race condition that allows memory injection between connections that share said buffer (according to the OpenBSD security team).

There is a patch and advisory available at http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch

This seems to be the affected line in OpenSSL: https://github.com/openssl/openssl/blob/master/ssl/s3_pkt.c#L1337

Versions: 1.0.1f and 1.0.1g are known to have the bug.
This task depends upon

Closed by  Pierre Schmitz (Pierre)
Thursday, 05 June 2014, 15:52 GMT
Reason for closing:  Upstream
Comment by Pierre Schmitz (Pierre) - Sunday, 13 April 2014, 06:08 GMT
Why is this not fixed upstream?
Comment by wes (Nisstyre56) - Sunday, 13 April 2014, 06:42 GMT
I do not know why it hasn't been merged upstream yet. I suspect the obsd developers may report it to upstream as well, but in the meantime maybe it would be a good idea to apply the patch. Or if you don't think it's immediately exploitable to wait. My understanding was that this is only exploitable if you have built with OPENSSL_NO_BUF_FREELIST which is not the default, but I could be wrong.
Comment by wes (Nisstyre56) - Tuesday, 22 April 2014, 00:19 GMT
Since it looks like the OpenBSD developers intend to fork OpenSSL ( http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/ ) it may be a good idea to close this bug and wait until it gets fixed upstream?
Comment by Daniel Micay (thestinger) - Wednesday, 23 April 2014, 00:59 GMT
If it's a genuine double free bug the issue should stay open.
Comment by beta990 (beta990) - Thursday, 24 April 2014, 19:56 GMT
Is still the case? I don't think waiting for upstream to fix it is a good idea. Because this issue should be fixed asap. :)
Comment by Sapalot (superfranky) - Tuesday, 06 May 2014, 21:29 GMT
It's now officially assigned with CVE-2010-5298.

Since waiting for upstream to react isn't pro-active,
please apply the patch as soon as possible as it affects all openssl versions according to the CVE.


Patches are identical and just for reference here.
Comment by Sapalot (superfranky) - Thursday, 05 June 2014, 13:36 GMT
This is now fixed and included in the official openssl-1.0.1h version.

Official OpenSSL Security Advisory states:

----------- 8< snip >8 -------------

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)

A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.

----------- 8< snip >8 -------------

For any future security fixes in regard to openssl,
I ask here very politely that you consider applying patches
rather sooner and not waiting almost two months.
Comment by Pierre Schmitz (Pierre) - Thursday, 05 June 2014, 15:52 GMT
I am not going to add patches that are not upstream.