
[minion-cvs] attack leaks in tls code



Update of /home/minion/cvsroot/src/minion/src
In directory moria.mit.edu:/tmp/cvs-serv27390/src/minion/src

Modified Files:
	crypt.c tls.c 
Log Message:
attack leaks in tls code

Index: crypt.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/crypt.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- crypt.c	28 Mar 2003 15:36:23 -0000	1.21
+++ crypt.c	10 Apr 2003 03:01:07 -0000	1.22
@@ -180,7 +180,7 @@
         int inputlen, prng=0;
         long idx=0;
         AES_KEY *aes_key = NULL;
-
+        
         PyObject *output;
 
         if (!PyArg_ParseTupleAndKeywords(args, kwdict,
@@ -540,6 +540,7 @@
                                                        NULL, NULL))
                                 goto error;
                 }
+                EVP_PKEY_free(pkey);
         }
         Py_INCREF(Py_None);
         return Py_None;
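Review bot: The added `EVP_PKEY_free(pkey);` only runs on the success path, because the `goto error;` two lines above it leaves the block before the free is reached. Unless the `error:` label (outside this hunk) also releases `pkey`, the key object still leaks whenever the write call fails. I would confirm that the label ends with something like `if (pkey) EVP_PKEY_free(pkey);` and that `pkey` is initialised to NULL at its declaration, so both exits release it exactly once. The function starts and ends outside the hunk, so neither can be checked from here.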
@@ -602,10 +603,6 @@
         return mm_RSA_new(rsa);
 }
 
-
-
-
-
 /**
  * Converts a BIGNUM into a newly allocated PyLongObject.
  **/
@@ -734,7 +731,6 @@
                                          &PyLong_Type, &n, &PyLong_Type, &e))
                 return NULL;
 
-        rsa = RSA_new();
         if (!(rsa = RSA_new())) { PyErr_NoMemory(); return NULL; }
         if (!(rsa->n = pylong2bn(n))) { RSA_free(rsa); return NULL; }
         if (!(rsa->e = pylong2bn(e))) {
@@ -1033,13 +1029,11 @@
 
         if (!(name = X509_NAME_new()))
                 goto error;
-        SET_PART(name, "countryName", "US");
         SET_PART(name, "organizationName", "Mixminion network");
         SET_PART(name, "commonName", cn);
 
         if (!(name_issuer = X509_NAME_new()))
                 goto error;
-        SET_PART(name_issuer, "countryName", "US");
         SET_PART(name_issuer, "organizationName", "Mixminion network");
         SET_PART(name_issuer, "commonName", cn_issuer);
 

Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- tls.c	28 Mar 2003 15:36:23 -0000	1.19
+++ tls.c	10 Apr 2003 03:01:07 -0000	1.20
@@ -119,7 +119,7 @@
 PyObject*
 mm_TLSContext_new(PyObject *self, PyObject *args, PyObject *kwargs)
 {
-        static char *kwlist[] = { "certfile", "pkfile", "dhfile", NULL };
+        static char *kwlist[] = { "certfile", "rsa", "dhfile", NULL };
         char *certfile = NULL, *dhfile=NULL;
         mm_RSA *rsa = NULL;
         int err = 0;
@@ -150,6 +150,8 @@
         if (!err && certfile &&
             !SSL_CTX_use_certificate_chain_file(ctx,certfile))
                 err = 1;
+        if (!err)
+                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
         if (!err && rsa) {
                 if (!(_rsa = RSAPrivateKey_dup(rsa->rsa)) ||
                     !(pkey = EVP_PKEY_new()))
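Review bot: The new `SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);` call has no comment explaining why the cache is turned off, and the log message only says "leaks". A maintainer cannot tell whether the aim is to stop cached SSL_SESSION objects from accumulating or to keep old session keys from being resumed on later connections. Re-enabling the cache later would have different consequences in each case. I would put a comment above the call, for example `/* Session cache off: <reason: memory growth and/or no reuse of earlier session keys> */`, with the placeholder filled in by the author. The body of mm_TLSContext_new continues outside the hunk.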
@@ -175,8 +177,15 @@
                         if (!dh)
                                 err = 1;
                 }
-                if (!err)
+                if (!err) {
                         SSL_CTX_set_tmp_dh(ctx,dh);
+                        DH_free(dh);
+                        dh = NULL;
+                }
+                if (bio) {
+                        BIO_free(bio);
+                        bio = NULL;
+                }
         }
         if (!err)
                 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
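Review bot: The result of `SSL_CTX_set_tmp_dh(ctx,dh)` is still ignored in the rewritten `if (!err) { ... }` block, so a failure to install the parameters leaves `err` at 0 and the context is returned without DH parameters. Ephemeral-DH suites would then presumably fail only at handshake time. Freeing `dh` after the call is right, but the free need not depend on `!err`. I would write `if (!err && !SSL_CTX_set_tmp_dh(ctx,dh)) err = 1;` followed by `if (dh) { DH_free(dh); dh = NULL; }`, which also releases `dh` on any later-added error path. The enclosing block opens outside the hunk.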
@@ -223,7 +232,6 @@
         int err = 0;
 
         SSL_CTX *ctx;
-        BIO *bio = NULL;
         SSL *ssl = NULL;
         mm_TLSSock *ret;
 
@@ -248,9 +256,7 @@
                     SSL3_TXT_RSA_DES_192_CBC3_SHA))
                 err = 1;
 
-        if (!err && !(bio = BIO_new_socket(sock, BIO_NOCLOSE)))
-                err = 1;
-        SSL_set_bio(ssl,bio,bio);
+        SSL_set_fd(ssl, sock);
         Py_END_ALLOW_THREADS
 
         if (!err) {
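Review bot: `SSL_set_fd(ssl, sock);` runs unconditionally, even when `err` was already set by the steps above it, and its return value is dropped. If `ssl` can still be NULL at this point (it is initialised to NULL in the previous hunk, and the allocation is not visible here), the call would dereference a null pointer. A failed BIO allocation inside `SSL_set_fd` would also go unnoticed, which the removed `BIO_new_socket` check used to catch. I would guard and check it in one line: `if (!err && !SSL_set_fd(ssl, sock)) err = 1;`. The function body starts and ends outside the hunk.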