[Pkg-openssl-devel] Bug#575433: Bug#575433: openssl: OpenSSL does not check for a NULL return value from bn_wexpand function calls
Kurt Roeckx
kurt at roeckx.be
Tue Apr 6 22:45:31 UTC 2010
On Thu, Mar 25, 2010 at 02:45:41PM -0400, A. Maitland Bottoms wrote:
> Package: openssl
> Version: 0.9.8g-15+lenny6
> Tags: lenny,security,patch
>
> This bug report is based upon CVE-2009-3245
> OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which
> has unspecified impact and context-dependent attack vectors.
>
> http://security-tracker.debian.org/tracker/CVE-2009-3245
>
> While the security-tracker includes a "Minor issue" comment in the notes, the CVE
> states "NVD severity high (attack range: remote)" so perhaps there should
> be a security update for the version in Debian stable.
The security team didn't seem to agree on the severity.
Looking at the code, I only see those cases returning an error:
    /* bn_expand_internal(): the only three paths that return NULL */
    if (words > (INT_MAX/(4*BN_BITS2)))
        {
        /* requested size exceeds the BIGNUM limit */
        BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
        return NULL;
        }
    if (BN_get_flags(b,BN_FLG_STATIC_DATA))
        {
        /* refuse to reallocate a BIGNUM backed by static data */
        BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
        return(NULL);
        }
    a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
    if (A == NULL)
        {
        /* allocation of the new word array failed */
        BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
        return(NULL);
        }
So the most likely cause is malloc failing. And I think if
you can trigger that, more things will go wrong.
Anyway, I should probably fix this in a point release.
Kurt
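As an added illustration (example code, not OpenSSL's and not part of the original mail), the toy model below reproduces the three NULL-returning paths quoted above in a simplified stand-in for bn_wexpand, with an allocation hook so the malloc-failure path can be exercised deterministically. The caller toy_push_word checks the return value the way the CVE-2009-3245 fixes require; the names toy_bignum, toy_wexpand, toy_push_word, toy_fail_next_alloc and the scenario_* functions are all constructed for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for OpenSSL's BIGNUM word buffer (constructed for this
 * example; not OpenSSL code). Only the fields the expand path touches. */
typedef unsigned long BN_WORD;
#define BN_BITS2        (sizeof(BN_WORD) * 8)
#define FLG_STATIC_DATA 0x02

typedef struct {
    BN_WORD *d;    /* word array */
    int top;       /* words in use */
    int dmax;      /* words allocated */
    int flags;
} toy_bignum;

/* Allocation hook so the failure path can be exercised deterministically. */
static int fail_next_alloc = 0;
void toy_fail_next_alloc(void) { fail_next_alloc = 1; }
static void *toy_malloc(size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

/* Mirrors the three NULL-returning paths quoted in the mail: oversized
 * request, expansion of static data, and allocation failure. On failure
 * the caller's structure is left untouched. */
toy_bignum *toy_wexpand(toy_bignum *b, int words)
{
    BN_WORD *a;
    if (words <= b->dmax)
        return b;                                   /* nothing to do */
    if (words > (INT_MAX / (4 * (int)BN_BITS2)))
        return NULL;                                /* BN_R_BIGNUM_TOO_LONG */
    if (b->flags & FLG_STATIC_DATA)
        return NULL;                                /* ..._ON_STATIC_BIGNUM_DATA */
    a = (BN_WORD *)toy_malloc(sizeof(BN_WORD) * (size_t)words);
    if (a == NULL)
        return NULL;                                /* ERR_R_MALLOC_FAILURE */
    memset(a, 0, sizeof(BN_WORD) * (size_t)words);
    if (b->d != NULL) {
        memcpy(a, b->d, sizeof(BN_WORD) * (size_t)b->top);
        free(b->d);
    }
    b->d = a;
    b->dmax = words;
    return b;
}

/* A caller written the way the CVE-2009-3245 fixes require: the return
 * value is checked before the newly requested word is written. A failed
 * expand leaves b->d and b->dmax unchanged, so the store below is only
 * in bounds when the expand succeeded. Returns 1 on success, 0 on failure. */
int toy_push_word(toy_bignum *b, BN_WORD w)
{
    if (toy_wexpand(b, b->top + 1) == NULL)
        return 0;
    b->d[b->top++] = w;
    return 1;
}

void toy_bignum_clear(toy_bignum *b)
{
    if (!(b->flags & FLG_STATIC_DATA))
        free(b->d);
    memset(b, 0, sizeof(*b));
}

/* Scenarios: each returns 1 when the checked caller behaves correctly. */
int scenario_normal(void)
{
    toy_bignum b = { NULL, 0, 0, 0 };
    int ok = toy_push_word(&b, 1) && toy_push_word(&b, 2) && toy_push_word(&b, 3);
    ok = ok && b.top == 3 && b.d[2] == 3;
    toy_bignum_clear(&b);
    return ok;
}

int scenario_alloc_failure(void)
{
    toy_bignum b = { NULL, 0, 0, 0 };
    int ok = toy_push_word(&b, 1);                  /* first word allocates */
    toy_fail_next_alloc();                          /* next expand fails */
    ok = ok && toy_push_word(&b, 2) == 0 && b.top == 1;  /* rejected, state intact */
    toy_bignum_clear(&b);
    return ok;
}

int scenario_static_data(void)
{
    static BN_WORD words[1] = { 7 };
    toy_bignum b = { words, 1, 1, FLG_STATIC_DATA };
    return toy_push_word(&b, 9) == 0 && b.top == 1 && words[0] == 7;
}

int scenario_oversize(void)
{
    toy_bignum b = { NULL, 0, 0, 0 };
    return toy_wexpand(&b, INT_MAX) == NULL && b.d == NULL;
}

int main(void)
{
    printf("normal=%d alloc_failure=%d static=%d oversize=%d\n",
           scenario_normal(), scenario_alloc_failure(),
           scenario_static_data(), scenario_oversize());
    return 0;
}
```

The allocation hook is the part worth copying: fault-injecting the allocator is how the otherwise unreachable malloc-failure branch, the one the mail singles out as the realistic trigger, gets covered in a test rather than left to chance.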