Fix remote-triggerable memory leaks (CVE-2017-7521)
Several of our OpenSSL-specific certificate-parsing code paths did not always clear all allocated memory. Since a client can cause a few bytes of memory to be leaked for each connection attempt, a client can cause a server to run out of memory and thereby kill the server. That makes this a (quite inefficient) DoS attack.

When using the --x509-alt-username option on openssl builds with an extension (argument prefixed with "ext:", e.g. "ext:subjectAltName"), the code would not free all allocated memory. Fix this by using the proper free function.

If ASN1_STRING_to_UTF8() returns 0, it didn't fail and *did* allocate memory. So also free the returned buffer if it returns 0.

These issues were found, analysed and reported to the OpenVPN team by Guido Vranken.

CVE: 2017-7521
Signed-off-by: Steffan Karger <firstname.lastname@example.org>
Acked-by: Gert Doering <email@example.com>
Acked-by: David Sommerseth <firstname.lastname@example.org>
Acked-by: Guido Vranken <email@example.com>
Message-Id: <firstname.lastname@example.org>
URL: https://email@example.com
Signed-off-by: Gert Doering <firstname.lastname@example.org>
(cherry picked from commit 2d032c7)
Showing with 9 additions and 5 deletions.
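
The return-value contract described in the commit message, as an added example that is not OpenVPN's code and does not call OpenSSL. It goes one step past the message by showing the exhaustion a leak per attempt leads to. Assumptions: `to_utf8_standin`, `standin_free`, `copy_field`, `serve_after_empties` and the fixed-size pool are hypothetical names that model a converter which allocates its output even when it returns 0.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 32                  /* tiny fixed pool standing in for the heap */
static unsigned char pool[SLOTS][64];
static int in_use[SLOTS];

/* Hypothetical stand-in with the contract the commit message describes: <0 is
 * failure, nothing allocated; >=0 is a length and *out is allocated, even at 0. */
static int to_utf8_standin(unsigned char **out, const char *in) {
    size_t n = strlen(in);
    int i = 0;
    while (i < SLOTS && in_use[i])
        i++;
    if (i == SLOTS || n >= sizeof pool[0])
        return -1;                /* pool exhausted or input too long */
    in_use[i] = 1;
    *out = memcpy(pool[i], in, n + 1);
    return (int)n;
}

static void standin_free(unsigned char *p) {
    for (int i = 0; i < SLOTS; i++)
        if (p == pool[i])
            in_use[i] = 0;
}

/* One caller, two shapes. fixed == 0: a 0 return is treated as failure and the
 * buffer is never freed. fixed == 1: the buffer is freed for any return >= 0. */
static int copy_field(const char *field, char *dst, size_t dstlen, int fixed) {
    unsigned char *buf = NULL;
    int len = to_utf8_standin(&buf, field);
    if (len < 0 || (len == 0 && !fixed))
        return -1;                /* len == 0 && !fixed: buf stays allocated */
    snprintf(dst, dstlen, "%s", (char *)buf);
    standin_free(buf);
    return len > 0 ? 0 : -1;
}

/* `attempts` constructed empty fields, then one normal field: 0 if still served. */
static int serve_after_empties(int attempts, int fixed) {
    char dst[64];
    memset(in_use, 0, sizeof in_use);
    for (int i = 0; i < attempts; i++)
        copy_field("", dst, sizeof dst, fixed);
    return copy_field("client1", dst, sizeof dst, fixed);
}

int main(void) {
    printf("%d %d\n", serve_after_empties(SLOTS, 0), serve_after_empties(SLOTS, 1));
}
```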