cyassl: add a patch to better check legacy SSLv2 client hello records

If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2
record without performing further plausibility checks. Change the legacy code path
to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the
hello message type.

SVN-Revision: 33675

diff --git a/package/libs/cyassl/Makefile b/package/libs/cyassl/Makefile
index 442186aac7fda51cf7405815e7e4f98ce5e08057..063e5721668b348907cd59eb0aa4dd768548c878 100644 (file)
--- a/package/libs/cyassl/Makefile
+++ b/package/libs/cyassl/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2010 OpenWrt.org
+# Copyright (C) 2006-2012 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=cyassl
 PKG_VERSION:=1.6.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
 PKG_SOURCE_URL:=http://www.yassl.com/

diff --git a/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch b/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch
new file mode 100644 (file)
index 0000000..4a6b8da
--- /dev/null
+++ b/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch
@@ -0,0 +1,13 @@
+--- a/src/cyassl_int.c
++++ b/src/cyassl_int.c
+@@ -1588,6 +1588,10 @@
+                 b1 =
+                 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
+                 ssl->curSize = ((b0 & 0x7f) << 8) | b1;
++
++                /* does not appear to a be a SSLv2 client hello */
++                if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 )
++                    return UNKNOWN_HANDSHAKE_TYPE;
+             }
+             else {
+                 ssl->options.processReply = getRecordLayerHeader;