
[Chicken-users] [PATCH 1/4] openssl: prevent truncation attacks


From: Florian Zumbiehl
Subject: [Chicken-users] [PATCH 1/4] openssl: prevent truncation attacks
Date: Tue, 2 Apr 2013 06:55:59 +0200
User-agent: Mutt/1.5.20 (2009-06-14)

Fix an unauthenticated end-of-file from the socket being passed directly to the port as EOF, bypassing openssl's check for a proper close_notify, in order to prevent truncation attacks.
---
 openssl.scm |   16 +++++++---------
 1 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/openssl.scm b/openssl.scm
index b9b6baa..9433bcd 100644
--- a/openssl.scm
+++ b/openssl.scm
@@ -253,7 +253,8 @@ EOF
           "unsigned char ch;\n"
           "int ret;\n"
           "switch (ret = SSL_read((SSL *)ssl, &ch, 1)) {\n"
-          "case 0: return(C_SCHEME_END_OF_FILE);\n"
+          "case 0: return(SSL_get_error((SSL *)ssl, 0) == 
SSL_ERROR_ZERO_RETURN ?\n"
+           "               C_SCHEME_END_OF_FILE : C_fix(0));\n"
           "case 1: return(C_make_character(ch));\n"
           "default: return(C_fix(ret));\n"
           "}\n")
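Review bot: The `C_fix(0)` returned from the new `case 0` arm (L30–L32) when SSL_read's zero return is not SSL_ERROR_ZERO_RETURN is, to the Scheme side, indistinguishable from the `default` arm with ret == 0, so the caller must treat a fixnum 0 as a fatal "peer closed without close_notify" condition rather than as a retryable want-read; that handling sits above this hunk and should be confirmed. Passing the literal `0` to SSL_get_error is only correct because this is the `case 0` arm; `SSL_get_error((SSL *)ssl, ret)` would make that dependency explicit, and a comment such as `/* 0 without ZERO_RETURN: TCP closed with no close_notify -- possible truncation attack */` would document why the distinction matters. SSL_get_error reads the thread-local error queue, so no other OpenSSL call may run between SSL_read and this check, which the switch as written satisfies. Note also that the mailer wrapped the added line across L30–L31, so the patch will not apply as-is. The foreign function this C string belongs to begins before the hunk.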
@@ -398,11 +399,10 @@ EOF
                                           (lambda () (ssl-get-char ssl))
                                           fd (tcp-read-timeout)
                                           "SSL read timed out")))
-               (if buffer
-                   (let ((ch buffer))
-                     (set! buffer #f)
-                     ch)
-                   #!eof))
+                (let ((ch buffer))
+                  (unless (eof-object? buffer)
+                    (set! buffer #f))
+                  ch))
              ;; ready?
              (lambda ()
                 (startup)
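Review bot: The rewritten read-char arm on L45–L48 returns `buffer` unconditionally, so it relies on the read wrapper above this hunk never leaving `buffer` as `#f` once it has run; if that wrapper can still store `#f` (for instance for the new fixnum-0 result from ssl-get-char), `#f` would now be handed to the port as a character instead of the old `#!eof`. EOF is now sticky, since `#!eof` is deliberately not cleared from `buffer`, which is the intended behaviour after a close_notify and deserves a comment: `;; keep #!eof in buffer so later reads stay at EOF; a bare TCP close is reported as an error, not EOF`. The enclosing make-input-port form begins before the hunk, so the wrapper's contract cannot be checked from here.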
@@ -427,9 +427,7 @@ EOF
                                                  (lambda () (ssl-get-char ssl))
                                                  fd (tcp-read-timeout)
                                                  "SSL read timed out")))
-               (if buffer
-                   buffer
-                   #!eof)))))
+               buffer))))
          (out
           (make-output-port
            ;; write
-- 
1.7.2.5



