diff options
Diffstat (limited to 'app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch')
-rw-r--r-- | app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch | 268 |
1 files changed, 0 insertions, 268 deletions
diff --git a/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch b/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch deleted file mode 100644 index 7ed2e9967e2d..000000000000 --- a/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch +++ /dev/null @@ -1,268 +0,0 @@ -Index: src/lib/crypto/Makefile.in -=================================================================== ---- src/lib/crypto/Makefile.in (revision 23398) -+++ src/lib/crypto/Makefile.in (working copy) -@@ -22,6 +22,7 @@ - $(srcdir)/t_hmac.c \ - $(srcdir)/t_pkcs5.c \ - $(srcdir)/t_cts.c \ -+ $(srcdir)/t_short.c \ - $(srcdir)/vectors.c - - ##DOSBUILDTOP = ..\.. -@@ -184,12 +185,13 @@ - - clean-unix:: clean-liblinks clean-libs clean-libobjs - --check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 -+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_short - $(RUN_SETUP) $(VALGRIND) ./t_nfold - $(RUN_SETUP) $(VALGRIND) ./t_encrypt - $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \ - diff t_prng.output $(srcdir)/t_prng.expected - $(RUN_SETUP) $(VALGRIND) ./t_hmac -+ $(RUN_SETUP) $(VALGRIND) ./t_short - - # $(RUN_SETUP) $(VALGRIND) ./t_pkcs5 - -@@ -218,10 +220,14 @@ - $(CC_LINK) -o $@ t_cts.$(OBJEXT) \ - $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) - -+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) -+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \ -+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) - - clean:: - $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \ -- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o -+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \ -+ t_short t_short.o - -$(RM) t_prng.output - - all-windows:: -@@ -761,6 +767,15 @@ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/hash_provider/hash_provider.h t_cts.c -+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ -+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ -+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ -+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ -+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ -+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ -+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ -+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ -+ t_short.c - vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ -Index: src/lib/crypto/arcfour/arcfour.c -=================================================================== ---- src/lib/crypto/arcfour/arcfour.c (revision 23398) -+++ src/lib/crypto/arcfour/arcfour.c (working copy) -@@ -203,6 +203,12 @@ - keylength = enc->keylength; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < hashsize + CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ - d1.length=keybytes; - d1.data=malloc(d1.length); - if (d1.data == NULL) -Index: src/lib/crypto/enc_provider/aes.c -=================================================================== ---- src/lib/crypto/enc_provider/aes.c (revision 23398) -+++ src/lib/crypto/enc_provider/aes.c (working copy) -@@ -94,9 +94,11 @@ - nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - if (nblocks == 1) { -- /* XXX Used for DK function. */ -+ /* Used when deriving keys. */ -+ if (input->length < BLOCK_SIZE) -+ return KRB5_BAD_MSIZE; - enc(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - unsigned int nleft; - - for (blockno = 0; blockno < nblocks - 2; blockno++) { -@@ -149,9 +151,9 @@ - - if (nblocks == 1) { - if (input->length < BLOCK_SIZE) -- abort(); -+ return KRB5_BAD_MSIZE; - dec(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - - for (blockno = 0; blockno < nblocks - 2; blockno++) { - dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx); -Index: src/lib/crypto/dk/dk_decrypt.c -=================================================================== ---- src/lib/crypto/dk/dk_decrypt.c (revision 23398) -+++ src/lib/crypto/dk/dk_decrypt.c (working copy) -@@ -89,6 +89,12 @@ - else if (hmacsize > hashsize) - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hmacsize) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - blocksize - hmacsize) -+ return KRB5_BAD_MSIZE; -+ - enclen = input->length - hmacsize; - - if ((kedata = (unsigned char *) malloc(keylength)) == NULL) -Index: src/lib/crypto/raw/raw_decrypt.c -=================================================================== ---- src/lib/crypto/raw/raw_decrypt.c (revision 23398) -+++ src/lib/crypto/raw/raw_decrypt.c (working copy) -@@ -34,5 +34,7 @@ - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) - { -+ if (output->length < input->length) -+ return KRB5_BAD_MSIZE; - return((*(enc->decrypt))(key, ivec, input, output)); - } -Index: src/lib/crypto/t_short.c -=================================================================== ---- src/lib/crypto/t_short.c (revision 0) -+++ src/lib/crypto/t_short.c (revision 0) -@@ -0,0 +1,112 @@ -+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -+/* -+ * lib/crypto/crypto_tests/t_short.c -+ * -+ * Copyright (C) 2009 by the Massachusetts Institute of Technology. -+ * All rights reserved. -+ * -+ * Export of this software from the United States of America may -+ * require a specific license from the United States Government. -+ * It is the responsibility of any person or organization contemplating -+ * export to obtain such a license before exporting. -+ * -+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -+ * distribute this software and its documentation for any purpose and -+ * without fee is hereby granted, provided that the above copyright -+ * notice appear in all copies and that both that copyright notice and -+ * this permission notice appear in supporting documentation, and that -+ * the name of M.I.T. not be used in advertising or publicity pertaining -+ * to distribution of the software without specific, written prior -+ * permission. Furthermore if you modify this software you must label -+ * your software as modified software and not distribute it in such a -+ * fashion that it might be confused with the original M.I.T. software. -+ * M.I.T. makes no representations about the suitability of -+ * this software for any purpose. It is provided "as is" without express -+ * or implied warranty. -+ * -+ * Tests the outcome of decrypting overly short tokens. This program can be -+ * run under a tool like valgrind to detect bad memory accesses; when run -+ * normally by the test suite, it verifies that each operation returns -+ * KRB5_BAD_MSIZE. -+ */ -+ -+#include "k5-int.h" -+ -+krb5_enctype interesting_enctypes[] = { -+ ENCTYPE_DES_CBC_CRC, -+ ENCTYPE_DES_CBC_MD4, -+ ENCTYPE_DES_CBC_MD5, -+ ENCTYPE_DES3_CBC_SHA1, -+ ENCTYPE_ARCFOUR_HMAC, -+ ENCTYPE_ARCFOUR_HMAC_EXP, -+ ENCTYPE_AES256_CTS_HMAC_SHA1_96, -+ ENCTYPE_AES128_CTS_HMAC_SHA1_96, -+ 0 -+}; -+ -+/* Abort if an operation unexpectedly fails. */ -+static void -+x(krb5_error_code code) -+{ -+ if (code != 0) -+ abort(); -+} -+ -+/* Abort if a decrypt operation doesn't have the expected result. */ -+static void -+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len) -+{ -+ if (len < min_len) { -+ /* Undersized tokens should always result in BAD_MSIZE. */ -+ if (code != KRB5_BAD_MSIZE) -+ abort(); -+ } else { -+ /* Min-size tokens should succeed or fail the integrity check. */ -+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY) -+ abort(); -+ } -+} -+ -+static void -+test_enctype(krb5_enctype enctype) -+{ -+ krb5_error_code ret; -+ krb5_keyblock keyblock; -+ krb5_enc_data input; -+ krb5_data output; -+ size_t min_len, len; -+ -+ printf("Testing enctype %d\n", (int) enctype); -+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len)); -+ x(krb5_c_make_random_key(NULL, enctype, &keyblock)); -+ input.enctype = enctype; -+ -+ /* Try each length up to the minimum length. */ -+ for (len = 0; len <= min_len; len++) { -+ input.ciphertext.data = calloc(len, 1); -+ input.ciphertext.length = len; -+ output.data = calloc(len, 1); -+ output.length = len; -+ -+ /* Attempt a normal decryption. */ -+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output); -+ check_decrypt_result(ret, len, min_len); -+ -+ free(input.ciphertext.data); -+ free(output.data); -+ } -+} -+ -+int -+main(int argc, char **argv) -+{ -+ int i; -+ krb5_data notrandom; -+ -+ notrandom.data = "notrandom"; -+ notrandom.length = 9; -+ krb5_c_random_seed(NULL, ¬random); -+ for (i = 0; interesting_enctypes[i]; i++) -+ test_enctype(interesting_enctypes[i]); -+ return 0; -+} -Index: src/lib/crypto/old/old_decrypt.c -=================================================================== ---- src/lib/crypto/old/old_decrypt.c (revision 23398) -+++ src/lib/crypto/old/old_decrypt.c (working copy) -@@ -45,8 +45,10 @@ - blocksize = enc->block_size; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hashsize || input->length % blocksize != 0) -+ return(KRB5_BAD_MSIZE); - plainsize = input->length - blocksize - hashsize; -- - if (arg_output->length < plainsize) - return(KRB5_BAD_MSIZE); - |