rpms/krb5/F-11 2009-004-patch_1.6.3.txt, NONE, 1.1 krb5.spec, 1.185, 1.186
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Jan 12 19:24:14 UTC 2010
- Previous message: rpms/389-ds-base/devel .cvsignore, 1.9, 1.10 389-ds-base-git-local.sh, 1.6, 1.7 389-ds-base-git.sh, 1.7, 1.8 389-ds-base.spec, 1.14, 1.15 sources, 1.11, 1.12
- Next message: rpms/krb5/F-12 2009-004-patch_1.7.txt,NONE,1.1 krb5.spec,1.218,1.219
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28125/F-11
Modified Files:
krb5.spec
Added Files:
2009-004-patch_1.6.3.txt
Log Message:
- add upstream patches for KDC crash during AES and RC4 decryption
(CVE-2009-4212), via Tom Yu (#545015)
--- NEW FILE 2009-004-patch_1.6.3.txt ---
Index: src/lib/crypto/Makefile.in
===================================================================
--- src/lib/crypto/Makefile.in (revision 23398)
+++ src/lib/crypto/Makefile.in (working copy)
@@ -22,6 +22,7 @@
$(srcdir)/t_hmac.c \
$(srcdir)/t_pkcs5.c \
$(srcdir)/t_cts.c \
+ $(srcdir)/t_short.c \
$(srcdir)/vectors.c
##DOSBUILDTOP = ..\..
@@ -184,12 +185,13 @@
clean-unix:: clean-liblinks clean-libs clean-libobjs
-check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5
+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_short
$(RUN_SETUP) $(VALGRIND) ./t_nfold
$(RUN_SETUP) $(VALGRIND) ./t_encrypt
$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
diff t_prng.output $(srcdir)/t_prng.expected
$(RUN_SETUP) $(VALGRIND) ./t_hmac
+ $(RUN_SETUP) $(VALGRIND) ./t_short
# $(RUN_SETUP) $(VALGRIND) ./t_pkcs5
@@ -218,10 +220,14 @@
$(CC_LINK) -o $@ t_cts.$(OBJEXT) \
$(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB)
+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \
+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
clean::
$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \
- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o
+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
+ t_short t_short.o
-$(RM) t_prng.output
all-windows::
@@ -761,6 +767,15 @@
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(srcdir)/hash_provider/hash_provider.h t_cts.c
+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ t_short.c
vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
Index: src/lib/crypto/arcfour/arcfour.c
===================================================================
--- src/lib/crypto/arcfour/arcfour.c (revision 23398)
+++ src/lib/crypto/arcfour/arcfour.c (working copy)
@@ -203,6 +203,12 @@
keylength = enc->keylength;
hashsize = hash->hashsize;
+ /* Verify input and output lengths. */
+ if (input->length < hashsize + CONFOUNDERLENGTH)
+ return KRB5_BAD_MSIZE;
+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH)
+ return KRB5_BAD_MSIZE;
+
d1.length=keybytes;
d1.data=malloc(d1.length);
if (d1.data == NULL)
Index: src/lib/crypto/enc_provider/aes.c
===================================================================
--- src/lib/crypto/enc_provider/aes.c (revision 23398)
+++ src/lib/crypto/enc_provider/aes.c (working copy)
@@ -94,9 +94,11 @@
nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
- /* XXX Used for DK function. */
+ /* Used when deriving keys. */
+ if (input->length < BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
enc(output->data, input->data, &ctx);
- } else {
+ } else if (nblocks > 1) {
unsigned int nleft;
for (blockno = 0; blockno < nblocks - 2; blockno++) {
@@ -149,9 +151,9 @@
if (nblocks == 1) {
if (input->length < BLOCK_SIZE)
- abort();
+ return KRB5_BAD_MSIZE;
dec(output->data, input->data, &ctx);
- } else {
+ } else if (nblocks > 1) {
for (blockno = 0; blockno < nblocks - 2; blockno++) {
dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
Index: src/lib/crypto/dk/dk_decrypt.c
===================================================================
--- src/lib/crypto/dk/dk_decrypt.c (revision 23398)
+++ src/lib/crypto/dk/dk_decrypt.c (working copy)
@@ -89,6 +89,12 @@
else if (hmacsize > hashsize)
return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ /* Verify input and output lengths. */
+ if (input->length < blocksize + hmacsize)
+ return KRB5_BAD_MSIZE;
+ if (output->length < input->length - blocksize - hmacsize)
+ return KRB5_BAD_MSIZE;
+
enclen = input->length - hmacsize;
if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
Index: src/lib/crypto/raw/raw_decrypt.c
===================================================================
--- src/lib/crypto/raw/raw_decrypt.c (revision 23398)
+++ src/lib/crypto/raw/raw_decrypt.c (working copy)
@@ -34,5 +34,7 @@
const krb5_data *ivec, const krb5_data *input,
krb5_data *output)
{
+ if (output->length < input->length)
+ return KRB5_BAD_MSIZE;
return((*(enc->decrypt))(key, ivec, input, output));
}
Index: src/lib/crypto/t_short.c
===================================================================
--- src/lib/crypto/t_short.c (revision 0)
+++ src/lib/crypto/t_short.c (revision 0)
@@ -0,0 +1,112 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/crypto_tests/t_short.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Tests the outcome of decrypting overly short tokens. This program can be
+ * run under a tool like valgrind to detect bad memory accesses; when run
+ * normally by the test suite, it verifies that each operation returns
+ * KRB5_BAD_MSIZE.
+ */
+
+#include "k5-int.h"
+
+krb5_enctype interesting_enctypes[] = {
+ ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD4,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES3_CBC_SHA1,
+ ENCTYPE_ARCFOUR_HMAC,
+ ENCTYPE_ARCFOUR_HMAC_EXP,
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ 0
+};
+
+/* Abort if an operation unexpectedly fails. */
+static void
+x(krb5_error_code code)
+{
+ if (code != 0)
+ abort();
+}
+
+/* Abort if a decrypt operation doesn't have the expected result. */
+static void
+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
+{
+ if (len < min_len) {
+ /* Undersized tokens should always result in BAD_MSIZE. */
+ if (code != KRB5_BAD_MSIZE)
+ abort();
+ } else {
+ /* Min-size tokens should succeed or fail the integrity check. */
+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+ abort();
+ }
+}
+
+static void
+test_enctype(krb5_enctype enctype)
+{
+ krb5_error_code ret;
+ krb5_keyblock keyblock;
+ krb5_enc_data input;
+ krb5_data output;
+ size_t min_len, len;
+
+ printf("Testing enctype %d\n", (int) enctype);
+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
+ x(krb5_c_make_random_key(NULL, enctype, &keyblock));
+ input.enctype = enctype;
+
+ /* Try each length up to the minimum length. */
+ for (len = 0; len <= min_len; len++) {
+ input.ciphertext.data = calloc(len, 1);
+ input.ciphertext.length = len;
+ output.data = calloc(len, 1);
+ output.length = len;
+
+ /* Attempt a normal decryption. */
+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
+ check_decrypt_result(ret, len, min_len);
+
+ free(input.ciphertext.data);
+ free(output.data);
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ int i;
+ krb5_data notrandom;
+
+ notrandom.data = "notrandom";
+ notrandom.length = 9;
+ krb5_c_random_seed(NULL, ¬random);
+ for (i = 0; interesting_enctypes[i]; i++)
+ test_enctype(interesting_enctypes[i]);
+ return 0;
+}
Index: src/lib/crypto/old/old_decrypt.c
===================================================================
--- src/lib/crypto/old/old_decrypt.c (revision 23398)
+++ src/lib/crypto/old/old_decrypt.c (working copy)
@@ -45,8 +45,10 @@
blocksize = enc->block_size;
hashsize = hash->hashsize;
+ /* Verify input and output lengths. */
+ if (input->length < blocksize + hashsize || input->length % blocksize != 0)
+ return(KRB5_BAD_MSIZE);
plainsize = input->length - blocksize - hashsize;
-
if (arg_output->length < plainsize)
return(KRB5_BAD_MSIZE);
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-11/krb5.spec,v
retrieving revision 1.185
retrieving revision 1.186
diff -u -p -r1.185 -r1.186
--- krb5.spec 30 Jun 2009 19:15:30 -0000 1.185
+++ krb5.spec 12 Jan 2010 19:24:13 -0000 1.186
@@ -16,7 +16,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.3
-Release: 22%{?dist}
+Release: 23%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -105,6 +105,7 @@ Patch80: krb5-trunk-preauth-master.patch
Patch82: krb5-CVE-2009-0844-0845-2.patch
Patch83: krb5-CVE-2009-0846.patch
Patch84: krb5-CVE-2009-0847.patch
+Patch85: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -235,6 +236,10 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Tue Jan 12 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.6.3-23
+- add upstream patch for KDC crash during AES and RC4 decryption
+ (CVE-2009-4212), via Tom Yu (#545015)
+
* Tue Jun 30 2009 Nalin Dahyabhai <nalin at redhat.com>
- pam_rhosts_auth.so's been gone, use pam_rhosts.so instead
@@ -1422,6 +1427,7 @@ popd
%patch82 -p1 -b .CVE-2009-0844-0845-2
%patch83 -p1 -b .CVE-2009-0846
%patch84 -p1 -b .CVE-2009-0847
+%patch85 -p0 -b .2009-004
cp src/krb524/README README.krb524
gzip doc/*.ps
- Previous message: rpms/389-ds-base/devel .cvsignore, 1.9, 1.10 389-ds-base-git-local.sh, 1.6, 1.7 389-ds-base-git.sh, 1.7, 1.8 389-ds-base.spec, 1.14, 1.15 sources, 1.11, 1.12
- Next message: rpms/krb5/F-12 2009-004-patch_1.7.txt,NONE,1.1 krb5.spec,1.218,1.219
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list