openssh-5.8p2.tar.gz

上传者: u011537085 | 上传时间: 2022-03-25 14:39:45 | 文件大小: 1.06MB | 文件类型: -
untrusted comment: signature from openbsd 5.5 base secret key RWRGy8gxk9N930mZSNhSVZg9DPFLNT0qQcEGhQeQ55awDf4RfJqPXB6lz71jQatqYzr3XkzyUyckpP4nSCE+XmoICZEPwVhjhA8= OpenBSD 5.5 errata 2, Apr 8, 2014: Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which, if exploited, can result in a leak of memory contents. After patching, private keys and certificates exposed to services running this code (for example web/mail server SSL certificates) should be replaced and old certificates revoked. Only SSL/TLS services are affected. Software that uses libcrypto alone is not affected. In particular, ssh/sshd are not affected and there is no need to regenerate SSH host keys that have not otherwise been exposed. Apply patch using: signify -Vep /etc/signify/openbsd-55-base.pub -x 002_openssl.patch.sig \ -m - | (cd /usr/src && patch -p0) Then build and install libssl cd /usr/src/lib/libssl/ssl make obj make make install Also recompile any statically-linked binaries depending on it - in the base OS, this is just ftp(1): cd /usr/src/usr.bin/ftp make obj make clean make make install Then restart services which depend on SSL. Index: lib/libssl/src/ssl/d1_both.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/d1_both.c,v retrieving revision 1.2 diff -u -p -r1.2 d1_both.c --- lib/libssl/src/ssl/d1_both.c 27 Feb 2014 21:04:57 -0000 1.2 +++ lib/libssl/src/ssl/d1_both.c 8 Apr 2014 00:22:22 -0000 @@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0;

文件下载

评论信息

  • yueyihua :
    可以使用,将sshd移植到板卡上会用到。
    2015-04-21

免责申明

【只为小站】的资源来自网友分享,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,【只为小站】 无法对用户传输的作品、信息、内容的权属或合法性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论 【只为小站】 经营者是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。
本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二条之规定,若资源存在侵权或相关问题请联系本站客服人员,zhiweidada#qq.com,请把#换成@,本站将给予最大的支持与配合,做到及时反馈和处理。关于更多版权及免责申明参见 版权及免责申明