From: Jo-Philipp Wich Date: Tue, 5 Nov 2019 13:38:40 +0000 (+0100) Subject: ustream-ssl: update to latest Git HEAD X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=58db9bee0fb3a8e8dbf0f1f5fc889567d98c10db;p=openwrt%2Fstaging%2Fjow.git ustream-ssl: update to latest Git HEAD c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect Fixes: CVE-2019-5101, CVE-2019-5102 Signed-off-by: Jo-Philipp Wich (cherry picked from commit 6f9157e6bdea91507af84acdf53da7c0e6879bc1) --- diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile index e43703ce56..07377b0710 100644 --- a/package/libs/ustream-ssl/Makefile +++ b/package/libs/ustream-ssl/Makefile @@ -5,9 +5,9 @@ PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git -PKG_SOURCE_DATE:=2019-11-01 -PKG_SOURCE_VERSION:=465f8dc31d85cdd54369a5650d5daa1d3995dfaa -PKG_MIRROR_HASH:=abf0c516f9a4b25a672b9d2d5b4f3fa05456ded46704817453b3e6ad928a30ac +PKG_SOURCE_DATE:=2019-11-05 +PKG_SOURCE_VERSION:=c9b6668215a27f2346d5eedd6f29cc720985b448 +PKG_MIRROR_HASH:=28b53b7e27b68d62c8fbbc57660d915bdcb6a464157c1930f16ed67e151398e9 CMAKE_INSTALL:=1 PKG_LICENSE:=ISC diff --git a/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch deleted file mode 100644 index e6f08c19e3..0000000000 --- a/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001 -From: Jo-Philipp Wich -Date: Wed, 11 Sep 2019 21:09:59 +0200 -Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after - connect - -Check the .eof member of the underlying ustream after the call to -__ustream_ssl_connect() since existing users of the library appear -to set the eof flag as a way to signal connection termination upon -failing certificate verification. - -This is a stop-gap measure to address TALOS-2019-0893 but a proper -API redesign is required to give applications proper control over -whether certificate failures are to be ignored or not and the default -implementation without custom callbacks should always terminate on -verification failures. - -Signed-off-by: Jo-Philipp Wich ---- - ustream-ssl.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/ustream-ssl.c b/ustream-ssl.c -index e6b084b..47f66d6 100644 ---- a/ustream-ssl.c -+++ b/ustream-ssl.c -@@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us) - return; - - if (__ustream_ssl_connect(us) == U_SSL_OK) { -+ -+ /* __ustream_ssl_connect() will also return U_SSL_OK when certificate -+ * verification failed! -+ * -+ * Applications may register a custom .notify_verify_error callback in the -+ * struct ustream_ssl which is called upon verification failures, but there -+ * is no straight forward way for the callback to terminate the connection -+ * initiation right away, e.g. through a true or false return value. -+ * -+ * Instead, existing implementations appear to set .eof field of the underlying -+ * ustream in the hope that this inhibits further operations on the stream. -+ * -+ * Declare this informal behaviour "official" and check for the state of the -+ * .eof member after __ustream_ssl_connect() returned, and do not write the -+ * pending data if it is set to true. -+ */ -+ -+ if (us->stream.eof) -+ return; -+ - us->connected = true; - if (us->notify_connected) - us->notify_connected(us); --- -2.20.1 -