diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile index 2ea5bf0bd59..86c2d025a0d 100644 --- a/package/libs/ustream-ssl/Makefile +++ b/package/libs/ustream-ssl/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ustream-ssl -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git diff --git a/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch new file mode 100644 index 00000000000..e6f08c19e31 --- /dev/null +++ b/package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch @@ -0,0 +1,56 @@ +From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001 +From: Jo-Philipp Wich <jo@mein.io> +Date: Wed, 11 Sep 2019 21:09:59 +0200 +Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after + connect + +Check the .eof member of the underlying ustream after the call to +__ustream_ssl_connect() since existing users of the library appear +to set the eof flag as a way to signal connection termination upon +failing certificate verification. + +This is a stop-gap measure to address TALOS-2019-0893 but a proper +API redesign is required to give applications proper control over +whether certificate failures are to be ignored or not and the default +implementation without custom callbacks should always terminate on +verification failures. + +Signed-off-by: Jo-Philipp Wich <jo@mein.io> +--- + ustream-ssl.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/ustream-ssl.c b/ustream-ssl.c +index e6b084b..47f66d6 100644 +--- a/ustream-ssl.c ++++ b/ustream-ssl.c +@@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us) + return; + + if (__ustream_ssl_connect(us) == U_SSL_OK) { ++ ++ /* __ustream_ssl_connect() will also return U_SSL_OK when certificate ++ * verification failed! ++ * ++ * Applications may register a custom .notify_verify_error callback in the ++ * struct ustream_ssl which is called upon verification failures, but there ++ * is no straight forward way for the callback to terminate the connection ++ * initiation right away, e.g. through a true or false return value. ++ * ++ * Instead, existing implementations appear to set .eof field of the underlying ++ * ustream in the hope that this inhibits further operations on the stream. ++ * ++ * Declare this informal behaviour "official" and check for the state of the ++ * .eof member after __ustream_ssl_connect() returned, and do not write the ++ * pending data if it is set to true. ++ */ ++ ++ if (us->stream.eof) ++ return; ++ + us->connected = true; + if (us->notify_connected) + us->notify_connected(us); +-- +2.20.1 +