PolarSSL Security Advisory 2014-02
Title |
Denial of Service against GCM enabled servers (and clients) |
---|---|
CVE |
CVE-2014-4911 |
Date |
11th of July 2014 |
Affects |
All PolarSSL versions before 1.2.11 and 1.3.8 |
Not affected |
All branches before 1.2.x and version > 1.2.10 or > 1.3.7 |
Impact |
Crash of server application (or clients by a malicious server) |
Exploit |
Withheld |
A denial of service against PolarSSL servers that offer GCM ciphersuites has been found using the fuzzing techniques of the Codenomicon Defensics toolkit. Potentially clients are affected too if a malicious server decides to execute the denial of service attack against its clients.
Impact
A server or client that is targeted with this attack can be potentially crashed with a segfault.
Workaround
Disabling of the GCM ciphersuites prevents this attack.
Alternatively the following patch can be applied to your current PolarSSL 1.3.7 code base:
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 480c5e5..a57f3f1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1416,9 +1416,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
size_t dec_msglen, olen, totlen;
unsigned char add_data[13];
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+ size_t gcm_overhead = ssl->transform_in->ivlen +
+ ssl->transform_in->fixed_ivlen +
+ 16; /* explicit IV + tag */
+
+ if( ssl->in_msglen < gcm_overhead )
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+
+ dec_msglen = ssl->in_msglen - gcm_overhead;
- dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
- ssl->transform_in->fixed_ivlen );
- dec_msglen -= 16;
dec_msg = ssl->in_msg;
dec_msg_result = ssl->in_msg;
Resolution
Upgrade to PolarSSL 1.3.8 for the 1.3 branch or PolarSSL 1.2.11 for the 1.2 branch.