Projects
Mega:24.03:SP1:Everything
compat-openssl11
_service:tar_scm:backport-Hardening-around-not_...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-Hardening-around-not_resumable-sessions.patch of Package compat-openssl11
From 9b79e20ed347f90ed23bfc8e5be2259231fd0a34 Mon Sep 17 00:00:00 2001 From: Matt Caswell <matt@openssl.org> Date: Fri, 15 Mar 2024 17:58:42 +0000 Subject: [PATCH] Hardening around not_resumable sessions Make sure we can't inadvertently use a not_resumable session Related to CVE-2024-2511 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24044) (cherry picked from commit c342f4b8bd2d0b375b0e22337057c2eab47d9b96) Signed-off-by: Liu-Ermeng <liuermeng2@huawei.com> --- ssl/ssl_sess.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 28affe0a26..5cc816b0fc 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -471,6 +471,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); if (ret != NULL) { + if (ret->not_resumable) { + /* If its not resumable then ignore this session */ + if (!copy) + SSL_SESSION_free(ret); + return NULL; + } tsan_counter(&s->session_ctx->stats.sess_cb_hit); /* -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2