Accepting request 131690 from Base:System

- Open Internal file descriptors with O_CLOEXEC, leaving those open across fork()..execve() makes a perfect vector for a side-channel attack... (forwarded request 131190 from elvigia) OBS-URL: https://build.opensuse.org/request/show/131690 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=81
2012-08-26 12:22:07 +00:00 · 2012-08-26 12:22:07 +00:00 · df44f45fc9
commit df44f45fc9
parent e5e7ad330f
3 changed files with 178 additions and 4 deletions
--- a/openssl-ocloexec.patch
+++ b/openssl-ocloexec.patch
@ -0,0 +1,167 @@
+--- crypto/bio/b_sock.c.orig
+++ crypto/bio/b_sock.c
+@@ -735,7 +735,7 @@ int BIO_get_accept_socket(char *host, in
+ 		}
+ 
+ again:
+-	s=socket(server.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
+	s=socket(server.sa.sa_family,SOCK_STREAM|SOCK_CLOEXEC,SOCKET_PROTOCOL);
+ 	if (s == INVALID_SOCKET)
+ 		{
+ 		SYSerr(SYS_F_SOCKET,get_last_socket_error());
+@@ -784,7 +784,7 @@ again:
+ 					}
+ 				else	goto err;
+ 				}
+-			cs=socket(client.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
+			cs=socket(client.sa.sa_family,SOCK_STREAM|SOCK_CLOEXEC,SOCKET_PROTOCOL);
+ 			if (cs != INVALID_SOCKET)
+ 				{
+ 				int ii;
+--- crypto/bio/bss_conn.c.orig
+++ crypto/bio/bss_conn.c
+@@ -209,7 +209,7 @@ static int conn_state(BIO *b, BIO_CONNEC
+ 			c->them.sin_addr.s_addr=htonl(l);
+ 			c->state=BIO_CONN_S_CREATE_SOCKET;
+ 
+-			ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+			ret=socket(AF_INET,SOCK_STREAM|SOCK_CLOEXEC,SOCKET_PROTOCOL);
+ 			if (ret == INVALID_SOCKET)
+ 				{
+ 				SYSerr(SYS_F_SOCKET,get_last_socket_error());
+--- crypto/bio/bss_dgram.c.orig
+++ crypto/bio/bss_dgram.c
+@@ -999,7 +999,7 @@ static int dgram_sctp_read(BIO *b, char
+ 			msg.msg_control = cmsgbuf;
+ 			msg.msg_controllen = 512;
+ 			msg.msg_flags = 0;
+-			n = recvmsg(b->num, &msg, 0);
+			n = recvmsg(b->num, &msg, MSG_CMSG_CLOEXEC);
+ 
+ 			if (msg.msg_controllen > 0)
+ 				{
+@@ -1560,7 +1560,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+ 	msg.msg_controllen = 0;
+ 	msg.msg_flags = 0;
+ 
+-	n = recvmsg(b->num, &msg, MSG_PEEK);
+	n = recvmsg(b->num, &msg, MSG_PEEK| MSG_CMSG_CLOEXEC);
+ 	if (n <= 0)
+ 		{
+ 		if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
+@@ -1583,7 +1583,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+ 		msg.msg_controllen = 0;
+ 		msg.msg_flags = 0;
+ 
+-		n = recvmsg(b->num, &msg, 0);
+		n = recvmsg(b->num, &msg, MSG_CMSG_CLOEXEC);
+ 		if (n <= 0)
+ 			{
+ 			if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
+@@ -1644,7 +1644,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+ 			fcntl(b->num, F_SETFL, O_NONBLOCK);
+ 			}
+ 
+-		n = recvmsg(b->num, &msg, MSG_PEEK);
+		n = recvmsg(b->num, &msg, MSG_PEEK | MSG_CMSG_CLOEXEC);
+ 
+ 		if (is_dry)
+ 			{
+@@ -1688,7 +1688,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
+ 
+ 		sockflags = fcntl(b->num, F_GETFL, 0);
+ 		fcntl(b->num, F_SETFL, O_NONBLOCK);
+-		n = recvmsg(b->num, &msg, MSG_PEEK);
+		n = recvmsg(b->num, &msg, MSG_PEEK | MSG_CMSG_CLOEXEC);
+ 		fcntl(b->num, F_SETFL, sockflags);
+ 
+ 		/* if notification, process and try again */
+@@ -1709,7 +1709,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
+ 			msg.msg_control = NULL;
+ 			msg.msg_controllen = 0;
+ 			msg.msg_flags = 0;
+-			n = recvmsg(b->num, &msg, 0);
+			n = recvmsg(b->num, &msg, MSG_CMSG_CLOEXEC);
+ 
+ 			if (data->handle_notifications != NULL)
+ 				data->handle_notifications(b, data->notification_context, (void*) &snp);
+--- crypto/bio/bss_file.c.orig
+++ crypto/bio/bss_file.c
+@@ -120,6 +120,10 @@ BIO *BIO_new_file(const char *filename,
+ 	{
+ 	BIO  *ret;
+ 	FILE *file=NULL;
+    size_t modelen = strlen (mode);
+    char newmode[modelen + 2];
+
+    memcpy (mempcpy (newmode, mode, modelen), "e", 2);
+ 
+ #if defined(_WIN32) && defined(CP_UTF8)
+ 	int sz, len_0 = (int)strlen(filename)+1;
+@@ -162,7 +166,7 @@ BIO *BIO_new_file(const char *filename,
+ 		file = fopen(filename,mode);
+ 		}
+ #else
+-	file=fopen(filename,mode);	
+	file=fopen(filename,newmode);	
+ #endif
+ 	if (file == NULL)
+ 		{
+@@ -275,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
+ 	long ret=1;
+ 	FILE *fp=(FILE *)b->ptr;
+ 	FILE **fpp;
+-	char p[4];
+	char p[5];
+ 
+ 	switch (cmd)
+ 		{
+@@ -392,6 +396,8 @@ static long MS_CALLBACK file_ctrl(BIO *b
+ 		else
+ 			strcat(p,"t");
+ #endif
+		strcat(p, "e");
+
+ 		fp=fopen(ptr,p);
+ 		if (fp == NULL)
+ 			{
+--- crypto/rand/rand_unix.c.orig
+++ crypto/rand/rand_unix.c
+@@ -262,7 +262,7 @@ int RAND_poll(void)
+ 	for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) &&
+ 			(n < ENTROPY_NEEDED); i++)
+ 		{
+-		if ((fd = open(randomfiles[i], O_RDONLY
+		if ((fd = open(randomfiles[i], O_RDONLY | O_CLOEXEC
+ #ifdef O_NONBLOCK
+ 			|O_NONBLOCK
+ #endif
+--- crypto/rand/randfile.c.orig
+++ crypto/rand/randfile.c
+@@ -134,7 +134,7 @@ int RAND_load_file(const char *file, lon
+ #ifdef OPENSSL_SYS_VMS
+ 	in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
+ #else
+-	in=fopen(file,"rb");
+	in=fopen(file,"rbe");
+ #endif
+ 	if (in == NULL) goto err;
+ #if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
+@@ -207,7 +207,7 @@ int RAND_write_file(const char *file)
+ #endif
+ 	/* chmod(..., 0600) is too late to protect the file,
+ 	 * permissions should be restrictive from the start */
+-	int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600);
+	int fd = open(file, O_WRONLY|O_CREAT|O_BINARY|O_CLOEXEC, 0600);
+ 	if (fd != -1)
+ 		out = fdopen(fd, "wb");
+ 	}
+@@ -238,7 +238,7 @@ int RAND_write_file(const char *file)
+ 		out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
+ #else
+ 	if (out == NULL)
+-		out = fopen(file,"wb");
+		out = fopen(file,"wbe");
+ #endif
+ 	if (out == NULL) goto err;
+ 
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Aug 19 23:38:32 UTC 2012 - crrodriguez@opensuse.org
+
+- Open Internal file descriptors with O_CLOEXEC, leaving
+  those open across fork()..execve() makes a perfect
+  vector for a side-channel attack... 
+
 -------------------------------------------------------------------
 Tue Aug  7 17:17:34 UTC 2012 - dmueller@suse.com

--- a/openssl.spec
+++ b/openssl.spec
@ -46,6 +46,7 @@ Source10:       README.SuSE
 Patch0:         merge_from_0.9.8k.patch
 Patch1:         openssl-1.0.0-c_rehash-compat.diff
 Patch2:         bug610223.patch
+Patch3:         openssl-ocloexec.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -174,6 +175,7 @@ Authors:
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
@ -366,11 +368,9 @@ ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
 %clean
 if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi

-%post -n libopenssl1_0_0
-/sbin/ldconfig
+%post -n libopenssl1_0_0 -p /sbin/ldconfig

-%postun -n libopenssl1_0_0
-/sbin/ldconfig
+%postun -n libopenssl1_0_0 -p /sbin/ldconfig

 %files -n libopenssl1_0_0
 %defattr(-, root, root)