untrusted comment: signature from openbsd 5.9 base secret key RWQJVNompF3pwR9G3dRT0cSk3Mmu6PpSwCWwXUo+xRlUbuussM+v5hMdZCSShjygXrVwFz8mnlQgW15gu3cR/IkueZW1Lf29dwA= OpenBSD 5.9 errata 32, Nov 5, 2016: Avoid continual processing of an unlimited number of TLS records. Apply by doing: signify -Vep /etc/signify/openbsd-59-base.pub -x 032_libssl.patch.sig \ -m - | (cd /usr/src && patch -p0) And then rebuild and install libssl: cd /usr/src/lib/libssl make obj make depend make make install Index: lib/libssl/src/ssl/s3_pkt.c =================================================================== retrieving revision 1.57.2.2 retrieving revision 1.57.2.3 diff -u -p -r1.57.2.2 -r1.57.2.3 --- lib/libssl/src/ssl/s3_pkt.c 4 May 2016 01:10:57 -0000 1.57.2.2 +++ lib/libssl/src/ssl/s3_pkt.c 3 Nov 2016 16:27:16 -0000 1.57.2.3 @@ -839,10 +839,11 @@ ssl3_write_pending(SSL *s, int type, con int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { - int al, i, j, ret; + void (*cb)(const SSL *ssl, int type2, int val) = NULL; + int al, i, j, ret, rrcount = 0; unsigned int n; SSL3_RECORD *rr; - void (*cb)(const SSL *ssl, int type2, int val) = NULL; + BIO *bio; if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) @@ -896,7 +897,27 @@ ssl3_read_bytes(SSL *s, int type, unsign return (-1); } } + start: + /* + * Do not process more than three consecutive records, otherwise the + * peer can cause us to loop indefinitely. Instead, return with an + * SSL_ERROR_WANT_READ so the caller can choose when to handle further + * processing. In the future, the total number of non-handshake and + * non-application data records per connection should probably also be + * limited... + */ + if (rrcount++ >= 3) { + if ((bio = SSL_get_rbio(s)) == NULL) { + SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + s->rwstate = SSL_READING; + return -1; + } + s->rwstate = SSL_NOTHING; /* @@ -1049,7 +1070,6 @@ start: if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ - BIO *bio; /* In the case where we try to read application data, * but we trigger an SSL handshake, we return -1 with * the retry option set. Otherwise renegotiation may