Released 0.8.2
by Robbie Harwood
Highlights:
- Fix a crash bug in v0.8.1
Simo Sorce (1):
- Change the way we handle encrypted buffers
Thanks,
--Robbie
4 years, 5 months
tag v0.8.2 created (now 1eef926)
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
rharwood pushed a change to tag v0.8.2
in repository gssproxy.
at 1eef926 (commit)
No new revisions were added by this update.
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 5 months
branch master updated: Release version 0.8.2
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master
in repository gssproxy.
The following commit(s) were added to refs/heads/master by this push:
new 1eef926 Release version 0.8.2
1eef926 is described below
commit 1eef926fbc241a7e1c351a826b8597686cb21323
Author: Robbie Harwood <rharwood(a)redhat.com>
AuthorDate: Thu Apr 18 11:26:04 2019 -0400
Release version 0.8.2
Signed-off-by: Robbie Harwood <rharwood(a)redhat.com>
---
docs/Releases/v0.8.2.md | 5 +++++
version.m4 | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/Releases/v0.8.2.md b/docs/Releases/v0.8.2.md
new file mode 100644
index 0000000..dd0f5d5
--- /dev/null
+++ b/docs/Releases/v0.8.2.md
@@ -0,0 +1,5 @@
+Highlights:
+- Fix a crash bug in v0.8.1
+
+Simo Sorce (1):
+- Change the way we handle encrypted buffers
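Review bot: The highlight "Fix a crash bug in v0.8.1" undersells the one change this release carries. The commit it summarises says the 0.8.1 change "has backwards incompatible behavior that may also lead to buffer overruns", so the highlight should name the buffer overrun and the token compatibility fix, which is what packagers deciding whether to update need to see.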
diff --git a/version.m4 b/version.m4
index 63e14f5..8e702a4 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
# Primary version number
-m4_define([VERSION_NUMBER], [0.8.1])
+m4_define([VERSION_NUMBER], [0.8.2])
# If the PRERELEASE_VERSION_NUMBER is set, we'll append
# it to the release tag when creating an RPM or SRPM
4 years, 5 months
branch master updated: Change the way we handle encrypted buffers
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master
in repository gssproxy.
The following commit(s) were added to refs/heads/master by this push:
new 839be8a Change the way we handle encrypted buffers
839be8a is described below
commit 839be8aa7e54e93819e8291b570e4c7cfe7e98f1
Author: Simo Sorce <simo(a)redhat.com>
AuthorDate: Wed Apr 17 18:00:59 2019 -0400
Change the way we handle encrypted buffers
The previous change has backwards incompatible behavior that may also
lead to buffer overruns.
Because we have no easy way to indicate a format change and to maintain
backwards compatibility for the ciphers that were working (those that
added padding were hopelessly borken anyway) introduce code to simply
add padding that we can recognize and remove when we read back the token.
On ciphers that do not add padding this is basically a no op and the
tokens will be identical to the ones we previously emitted.
On ciphers that add padding we pad the plaintext so that we hit a block
boundary and cause no extra padding to be added by krb5_c_encrypt
itself. On decryption we check if padding bytes are appended to the
buffer and remove them.
Signed-off-by: Simo Sorce <simo(a)redhat.com>
Reviewed-by: Robbie Harwood <rharwood(a)redhat.com>
Merges: #246
---
src/gp_export.c | 110 +++++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 86 insertions(+), 24 deletions(-)
diff --git a/src/gp_export.c b/src/gp_export.c
index aa0a8ec..dbfddeb 100644
--- a/src/gp_export.c
+++ b/src/gp_export.c
@@ -193,9 +193,15 @@ done:
return ret_maj;
}
-/* We need to include a length in our payloads because krb5_c_decrypt() will
- * pad the contents for some enctypes, and gss_import_cred() doesn't like
- * having extra bytes on tokens. */
+#define ENC_MIN_PAD_LEN 8
+
+/* We need to pad our payloads because krb5_c_decrypt() may pad the
+ * contents for some enctypes, and gss_import_cred() doesn't like
+ * having extra bytes on tokens.
+ * Explicit padding and depadding is used in order to maintain backwards
+ * compatibility over upgrades (and downgrades), it would have been
+ * better if we simply had a better formatting of the returned blob
+ * so we could simply change a "blob version" number */
static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
size_t len, void *buf, octet_string *out)
{
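Review bot: The new comment above gp_encrypt_buffer() explains why padding exists but not what it looks like, and ENC_MIN_PAD_LEN is defined with no comment of its own. State the format here (pad bytes appended to the plaintext, each holding the pad count, never fewer than ENC_MIN_PAD_LEN) and that the reader recognises it purely by pattern, so that anyone changing gp_decrypt_buffer() later knows the two must stay in step. The first sentence also still attributes the padding to krb5_c_decrypt(), while the commit message attributes it to krb5_c_encrypt.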
@@ -203,8 +209,9 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
krb5_data data_in;
krb5_enc_data enc_handle;
size_t cipherlen;
- char *packed = NULL;
- uint32_t netlen;
+ size_t padcheck;
+ uint8_t pad = 0;
+ char *padded = NULL;
if (len > (uint32_t)(-1)) {
/* Needs to fit in 4 bytes of payload, so... */
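Review bot: The unchanged check `if (len > (uint32_t)(-1))` and its comment "Needs to fit in 4 bytes of payload" describe the 4-byte length prefix, and this patch removes that prefix (netlen is deleted in this hunk). Either drop the check or reword the comment to say which bound still matters now that the payload is len + pad bytes with no length field.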
@@ -212,28 +219,72 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
goto done;
}
- packed = malloc(len);
- if (!packed) {
- ret = errno;
+ ret = krb5_c_encrypt_length(context,
+ key->enctype,
+ len, &cipherlen);
+ if (ret) {
goto done;
}
- netlen = htonl(len);
- memcpy(packed, (uint8_t *)&netlen, 4);
- memcpy(packed + 4, buf, len);
-
- data_in.length = len + 4;
- data_in.data = packed;
-
- memset(&enc_handle, '\0', sizeof(krb5_enc_data));
-
+ /* try again with len + 1 to see if padding is required */
ret = krb5_c_encrypt_length(context,
key->enctype,
- data_in.length,
- &cipherlen);
+ len + 1, &padcheck);
if (ret) {
goto done;
}
+ if (padcheck == cipherlen) {
+ int i;
+ /* padding required */
+ pad = ENC_MIN_PAD_LEN;
+ /* always add enough padding that it makes it extremely unlikley
+ * legitimate plaintext will be incorrectly depadded in the
+ * decrypt function */
+ ret = krb5_c_encrypt_length(context,
+ key->enctype,
+ len + pad, &cipherlen);
+ if (ret) {
+ goto done;
+ }
+ /* we support only block sizes up to 16 bytes as this is the largest
+ * supported block size in krb ciphers for now */
+ for (i = 0; i < 15; i++) {
+ /* find the point at which padcheck increases, that's when we
+ * cross a blocksize boundary internally and we can calculate
+ * the padding that will be used */
+ ret = krb5_c_encrypt_length(context,
+ key->enctype,
+ len + pad + i + 1, &padcheck);
+ if (ret) {
+ goto done;
+ }
+ if (padcheck > cipherlen) {
+ pad += i;
+ break;
+ }
+ }
+ if (i > 15) {
+ ret = EINVAL;
+ goto done;
+ }
+ }
+
+ if (pad != 0) {
+ padded = malloc(len + pad);
+ if (!padded) {
+ ret = errno;
+ goto done;
+ }
+
+ memcpy(padded, buf, len);
+ memset(padded + len, pad, pad);
+
+ data_in.length = len + pad;
+ data_in.data = padded;
+ } else {
+ data_in.length = len;
+ data_in.data = buf;
+ }
enc_handle.ciphertext.length = cipherlen;
enc_handle.ciphertext.data = malloc(enc_handle.ciphertext.length);
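Review bot: The `if (i > 15)` test after the search loop can never be true: the loop condition is `i < 15`, so a search that finds no boundary leaves i == 15, skips the EINVAL branch and carries on with pad still at ENC_MIN_PAD_LEN. Test `i == 15` (or set a found flag inside the loop) so the failure is actually reported. The loop also only tries offsets 0 to 14, while a 16-byte block, the size the comment says is supported, can need an offset of 15; `i < 16` with a matching check would cover it.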
@@ -261,7 +312,7 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
}
done:
- free(packed);
+ free(padded);
free(enc_handle.ciphertext.data);
return ret;
}
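Review bot: `free(enc_handle.ciphertext.data)` under done: can now run on an uninitialized pointer. The previous hunk deletes `memset(&enc_handle, '\0', sizeof(krb5_enc_data))` without a replacement in the lines shown, and the length check and every failing krb5_c_encrypt_length() call jump to done before ciphertext.data is assigned. Keep the memset at the top of the function, or initialise enc_handle where it is declared.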
@@ -273,7 +324,8 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
int ret;
krb5_data data_out;
krb5_enc_data enc_handle;
- uint32_t netlen;
+ uint8_t pad;
+ int i, j;
memset(&enc_handle, '\0', sizeof(krb5_enc_data));
@@ -295,9 +347,19 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
}
/* And handle the padding. */
- memcpy(&netlen, buf, 4);
- *len = ntohl(netlen);
- memmove(buf, buf + 4, *len);
+ i = data_out.length - 1;
+ pad = data_out.data[i];
+ if (pad >= ENC_MIN_PAD_LEN && pad < i) {
+ j = pad;
+ while (j > 0) {
+ j--;
+ if (pad != data_out.data[i - j]) break;
+ }
+ if (j == 0) {
+ data_out.length -= pad;
+ }
+ }
+ *len = data_out.length;
return 0;
}
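Review bot: `i = data_out.length - 1` followed by `pad = data_out.data[i]` indexes outside the buffer when the decrypted length is 0, and nothing in the lines shown rules that out; return early on an empty plaintext. Two smaller points in the same block: `pad < i` requires at least two payload bytes in front of the pad, so a padded one-byte payload is never depadded (`pad <= i` would accept it), and the check runs for every enctype, so an unpadded plaintext that happens to end in N >= 8 bytes of value N is shortened. The encrypt side's comment accepts that last risk as unlikely; the same remark belongs here, next to the code that takes it.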
4 years, 5 months
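The padding scheme described in the commit message above, modelled in isolation as an added example (not gssproxy code and not part of the original mail). It assumes a fixed 16-byte block and works on plaintext only; `pad_len`, `pad_buffer`, `depad_buffer` and `ambiguous_tail_demo` are hypothetical names, the bounds checks in `depad_buffer` are this example's own, and the last function shows the residual ambiguity the minimum pad length is meant to make unlikely.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#define ENC_MIN_PAD_LEN 8  /* minimum pad, same value as the patch */
#define BLOCK 16           /* assumption: block size of a padding cipher */

/* At least ENC_MIN_PAD_LEN, extended so len + pad lands on a block boundary. */
static size_t pad_len(size_t len)
{
    return ENC_MIN_PAD_LEN + (BLOCK - (len + ENC_MIN_PAD_LEN) % BLOCK) % BLOCK;
}

/* Append pad bytes that each hold the pad count; out needs len + pad_len(len). */
static size_t pad_buffer(const uint8_t *in, size_t len, uint8_t *out)
{
    size_t pad = pad_len(len);
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Payload length after stripping a recognised pad; other tails are kept. */
static size_t depad_buffer(const uint8_t *buf, size_t len)
{
    if (len == 0) return 0;                 /* nothing to inspect */
    uint8_t pad = buf[len - 1];
    if (pad < ENC_MIN_PAD_LEN || pad > len) return len;
    for (size_t k = 1; k <= pad; k++)
        if (buf[len - k] != pad) return len;
    return len - pad;
}

/* Constructed input: an unpadded 20-byte payload ending in eight 0x08 bytes. */
static size_t ambiguous_tail_demo(void)
{
    uint8_t raw[20];
    memset(raw, 0xA5, 12);
    memset(raw + 12, 0x08, 8);
    return depad_buffer(raw, sizeof(raw)); /* tail is mistaken for a pad */
}

int main(void)
{
    uint8_t in[40], out[64];
    memset(in, 0xA5, sizeof(in));          /* constructed payload bytes */
    for (size_t len = 0; len <= sizeof(in); len += 5)
        printf("len=%2zu -> %2zu\n", len, depad_buffer(out, pad_buffer(in, len, out)));
    printf("ambiguous tail: 20 -> %zu\n", ambiguous_tail_demo());
    return 0;
}
```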
tag v0.8.1 created (now 736fdd4)
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
rharwood pushed a change to tag v0.8.1
in repository gssproxy.
at 736fdd4 (commit)
No new revisions were added by this update.
4 years, 5 months
branch master updated: Release version 0.8.1
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master
in repository gssproxy.
The following commit(s) were added to refs/heads/master by this push:
new 736fdd4 Release version 0.8.1
736fdd4 is described below
commit 736fdd48e941f17dbcfd3227866e608c6cd8a7ff
Author: Robbie Harwood <rharwood(a)redhat.com>
AuthorDate: Tue Apr 16 17:43:03 2019 -0400
Release version 0.8.1
Signed-off-by: Robbie Harwood <rharwood(a)redhat.com>
---
docs/Releases/v0.8.1.md | 34 ++++++++++++++++++++++++++++++++++
version.m4 | 2 +-
2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/docs/Releases/v0.8.1.md b/docs/Releases/v0.8.1.md
new file mode 100644
index 0000000..615d66d
--- /dev/null
+++ b/docs/Releases/v0.8.1.md
@@ -0,0 +1,34 @@
+Highlights:
+- Fix explicit NULL derereference with tokens of certain enctypes
+- Always choose highest requested debug level
+- Fixes for running as unprivileged user
+
+Alexander Scheel (1):
+- Permit testing sans Valgrind
+
+Robbie Harwood (12):
+- Clarify debug and debug\_level in man pages
+- Always choose highest requested debug level
+- Add docs link to README.md
+- Add generic service README
+- Rename README.style -> STYLE.txt so pagure stops picking it up
+- Don't leak sock\_ctx if verto\_add\_io() fails
+- Update docs to reflect actual behavior of krb5\_principal
+- Sort options in man pages
+- Check for test-relevant executables early in suite
+- Always initialize out cred in gp\_import\_gssx\_cred()
+- Handle gss\_import\_cred() failure when importing gssx creds
+- Include length when using krb5\_c\_decrypt()
+
+Simo Sorce (5):
+- Always use the encype we selected
+- Use pthread keys for thread local storage
+- Close epoll fd within the lock
+- Add a safety timeout to epoll
+- Reorder functions
+
+Stanislav Levin (4):
+- Fix typo about pid-file
+- Retain CAP\_SYS\_PTRACE when running as unpriviliged
+- Make build with capabilities optional
+- Move run\_as\_user check out of drop\_privs()
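Review bot: Three spelling slips will ship in the published notes: "derereference" in the first highlight, "encype" in "Always use the encype we selected", and "unpriviliged" in "Retain CAP\_SYS\_PTRACE when running as unpriviliged". The highlight is free text and should read "dereference"; the other two appear under the per-author lists, so either keep them verbatim on purpose or correct them here as well.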
diff --git a/version.m4 b/version.m4
index 5b4d386..63e14f5 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
# Primary version number
-m4_define([VERSION_NUMBER], [0.8.0])
+m4_define([VERSION_NUMBER], [0.8.1])
# If the PRERELEASE_VERSION_NUMBER is set, we'll append
# it to the release tag when creating an RPM or SRPM
4 years, 5 months
branch master updated (f91e23f -> 87957ca)
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
rharwood pushed a change to branch master
in repository gssproxy.
from f91e23f Permit testing sans Valgrind
new 5697dfd Always initialize out cred in gp_import_gssx_cred()
new 84cf88f Handle gss_import_cred() failure when importing gssx creds
new 87957ca Include length when using krb5_c_decrypt()
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/gp_export.c | 42 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 37 insertions(+), 5 deletions(-)
4 years, 5 months