http://heartbleed.com/

Mon Apr 7 21:02:47 UTC 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi, Thomas,

On 04/07/14 13:49, Thomas Steen Rasmussen wrote:
> Hello,
> 
> http://heartbleed.com/ describes an openssl vulnerability
> published today. We are going to need an advisory for the openssl
> in base in FreeBSD 10 and we are also going to need an updated
> port.
> 
> The implications of this vulnerability are pretty massive, 
> certificates will need to be replaced and so on. I don't want to 
> repeat the page, so go read that.

We are already working on this but building, reviewing, etc. would
take some time.

Attached is the minimal fix (extracted from upstream git repository)
we are intending to use in the advisory for those who want to apply a
fix now, please DO NOT use any new certificates before applying fixes.

Cheers,
- -- 
Xin LI <delphij at delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJTQxJ1AAoJEJW2GBstM+nsz6AP/2m28eIzuF/JFhyZB7rkLAZR
vP9P0Tu1Vupwd6FN5X9m1O4t5ORhMfn5Y8SuxemHPg8NncaEptg43rs+TED4ucGd
ulyFLJsAZtCDlTTVRAuhp3PfvNllBcoG6a+sWg0qjDqxnzWpPZShCP8ay9g/3q4W
ceYJigXyi7KtKuNlc2YXlC5CA5NpKV9zsc0KhZj/PIq9qLiv+JYUriz1BRE8J+5P
CusO3usNgwHFx0XppMQRXxg/iSYnqs/YM6btENgsOBlRsCJkfSPbxE1z6Vmp0h27
mOWiBLIOOR97WfYHCUHUHg+1bpJKz6VXUDHbNjjoaaLWg2D4HCkqgm45mgKZBHwh
6SZUR90WthBbbFwJ3vY+wdARBO1V3RBg64ACZfYEIimqtGKZ5VaJgmYFLZc33RQr
O6Gpt7KeiwxaPYe/18zIiBULKeGBtQXettKpw4KOrkKSfnZePNxQIiqQmzLmfzXW
VwgRYlAAhjmv/ROCdnQJiKQKnloo9xUEPtk1ngmw6ThJJuDGS+Mcm1pWwbvMPF5/
cWXprDXW4/Hws8GCXbZxYRrC0xQ0zDL+K589H/3pTWV5ijnI/CpM1gzvd0NH/H4+
LQNILNJ+p2Uhp3D7yoz1bQC8gV2XeXROeNGEuY3VRyNbnv3z65mjWry/4QZo+kp6
NcKVrUpKLG4odhL7BXBF
=7rU5
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: crypto/openssl/ssl/d1_both.c
===================================================================

--- crypto/openssl/ssl/d1_both.c	(revision 264059)
+++ crypto/openssl/ssl/d1_both.c	(working copy)
@@ -1458,26 +1458,36 @@ dtls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */
 
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+			&s->s3->rrec.data[0], s->s3->rrec.length,
+			s, s->msg_callback_arg);
+
 	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
 	hbtype = *p++;
 	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
 	pl = p;
 
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-			&s->s3->rrec.data[0], s->s3->rrec.length,
-			s, s->msg_callback_arg);
-
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;
+		unsigned int write_length = 1 /* heartbeat type */ +
+					    2 /* heartbeat length */ +
+					    payload + padding;
 		int r;
 
+		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+			return 0;
+
 		/* Allocate memory for the response, size is 1 byte
 		 * message type, plus 2 bytes payload length, plus
 		 * payload, plus padding
 		 */
-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+		buffer = OPENSSL_malloc(write_length);
 		bp = buffer;
 
 		/* Enter response type, length and copy payload */
@@ -1488,11 +1498,11 @@ dtls1_process_heartbeat(SSL *s)
 		/* Random padding */
 		RAND_pseudo_bytes(bp, padding);
 
-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
 
 		if (r >= 0 && s->msg_callback)
 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-				buffer, 3 + payload + padding,
+				buffer, write_length,
 				s, s->msg_callback_arg);
 
 		OPENSSL_free(buffer);
Index: crypto/openssl/ssl/t1_lib.c
===================================================================
--- crypto/openssl/ssl/t1_lib.c	(revision 264059)
+++ crypto/openssl/ssl/t1_lib.c	(working copy)
@@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */
 
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+			&s->s3->rrec.data[0], s->s3->rrec.length,
+			s, s->msg_callback_arg);
+
 	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
 	hbtype = *p++;
 	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
 	pl = p;
 
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-			&s->s3->rrec.data[0], s->s3->rrec.length,
-			s, s->msg_callback_arg);
-
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;
