Projects
openEuler:20.03:LTS:SP3
edk2
_service:tar_scm_kernel_repo:0086-Hardening-aro...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:0086-Hardening-around-not_resumable-sessions.patch of Package edk2
From 161ea825e861895c27499ae3d8f05cbd15b0926a Mon Sep 17 00:00:00 2001 From: Matt Caswell <matt@openssl.org> Date: Fri, 15 Mar 2024 17:58:42 +0000 Subject: [PATCH 4/5] Hardening around not_resumable sessions Make sure we can't inadvertently use a not_resumable session Related to CVE-2024-2511 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24044) (cherry picked from commit c342f4b8bd2d0b375b0e22337057c2eab47d9b96) Signed-off-by: Liu-Ermeng <liuermeng2@huawei.com> --- CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c index 4e87220..9a5b0b8 100644 --- a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c +++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_sess.c @@ -465,6 +465,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); if (ret != NULL) { + if (ret->not_resumable) { + /* If its not resumable then ignore this session */ + if (!copy) + SSL_SESSION_free(ret); + return NULL; + } tsan_counter(&s->session_ctx->stats.sess_cb_hit); /* -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.