ustream-ssl: update to latest Git HEAD
authorJo-Philipp Wich <jo@mein.io>
Tue, 5 Nov 2019 13:38:40 +0000 (14:38 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 10 Nov 2019 15:23:07 +0000 (16:23 +0100)
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect

Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 6f9157e6bdea91507af84acdf53da7c0e6879bc1)

package/libs/ustream-ssl/Makefile
package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch [deleted file]

index e43703c..07377b0 100644 (file)
@@ -5,9 +5,9 @@ PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
-PKG_SOURCE_DATE:=2019-11-01
-PKG_SOURCE_VERSION:=465f8dc31d85cdd54369a5650d5daa1d3995dfaa
-PKG_MIRROR_HASH:=abf0c516f9a4b25a672b9d2d5b4f3fa05456ded46704817453b3e6ad928a30ac
+PKG_SOURCE_DATE:=2019-11-05
+PKG_SOURCE_VERSION:=c9b6668215a27f2346d5eedd6f29cc720985b448
+PKG_MIRROR_HASH:=28b53b7e27b68d62c8fbbc57660d915bdcb6a464157c1930f16ed67e151398e9
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=ISC
diff --git a/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch
deleted file mode 100644 (file)
index e6f08c1..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001
-From: Jo-Philipp Wich <jo@mein.io>
-Date: Wed, 11 Sep 2019 21:09:59 +0200
-Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after
- connect
-
-Check the .eof member of the underlying ustream after the call to
-__ustream_ssl_connect() since existing users of the library appear
-to set the eof flag as a way to signal connection termination upon
-failing certificate verification.
-
-This is a stop-gap measure to address TALOS-2019-0893 but a proper
-API redesign is required to give applications proper control over
-whether certificate failures are to be ignored or not and the default
-implementation without custom callbacks should always terminate on
-verification failures.
-
-Signed-off-by: Jo-Philipp Wich <jo@mein.io>
----
- ustream-ssl.c | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/ustream-ssl.c b/ustream-ssl.c
-index e6b084b..47f66d6 100644
---- a/ustream-ssl.c
-+++ b/ustream-ssl.c
-@@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us)
-               return;
-       if (__ustream_ssl_connect(us) == U_SSL_OK) {
-+
-+              /* __ustream_ssl_connect() will also return U_SSL_OK when certificate
-+               * verification failed!
-+               *
-+               * Applications may register a custom .notify_verify_error callback in the
-+               * struct ustream_ssl which is called upon verification failures, but there
-+               * is no straight forward way for the callback to terminate the connection
-+               * initiation right away, e.g. through a true or false return value.
-+               *
-+               * Instead, existing implementations appear to set .eof field of the underlying
-+               * ustream in the hope that this inhibits further operations on the stream.
-+               *
-+               * Declare this informal behaviour "official" and check for the state of the
-+               * .eof member after __ustream_ssl_connect() returned, and do not write the
-+               * pending data if it is set to true.
-+               */
-+
-+              if (us->stream.eof)
-+                      return;
-+
-               us->connected = true;
-               if (us->notify_connected)
-                       us->notify_connected(us);
--- 
-2.20.1
-