summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch')
-rw-r--r--app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch268
1 files changed, 0 insertions, 268 deletions
diff --git a/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch b/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch
deleted file mode 100644
index 7ed2e9967e2d..000000000000
--- a/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch
+++ /dev/null
@@ -1,268 +0,0 @@
-Index: src/lib/crypto/Makefile.in
-===================================================================
---- src/lib/crypto/Makefile.in (revision 23398)
-+++ src/lib/crypto/Makefile.in (working copy)
-@@ -22,6 +22,7 @@
- $(srcdir)/t_hmac.c \
- $(srcdir)/t_pkcs5.c \
- $(srcdir)/t_cts.c \
-+ $(srcdir)/t_short.c \
- $(srcdir)/vectors.c
-
- ##DOSBUILDTOP = ..\..
-@@ -184,12 +185,13 @@
-
- clean-unix:: clean-liblinks clean-libs clean-libobjs
-
--check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5
-+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_short
- $(RUN_SETUP) $(VALGRIND) ./t_nfold
- $(RUN_SETUP) $(VALGRIND) ./t_encrypt
- $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
- diff t_prng.output $(srcdir)/t_prng.expected
- $(RUN_SETUP) $(VALGRIND) ./t_hmac
-+ $(RUN_SETUP) $(VALGRIND) ./t_short
-
- # $(RUN_SETUP) $(VALGRIND) ./t_pkcs5
-
-@@ -218,10 +220,14 @@
- $(CC_LINK) -o $@ t_cts.$(OBJEXT) \
- $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
-
-+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB)
-+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \
-+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
-
- clean::
- $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \
-- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o
-+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
-+ t_short t_short.o
- -$(RM) t_prng.output
-
- all-windows::
-@@ -761,6 +767,15 @@
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/hash_provider/hash_provider.h t_cts.c
-+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
-+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-+ t_short.c
- vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
-Index: src/lib/crypto/arcfour/arcfour.c
-===================================================================
---- src/lib/crypto/arcfour/arcfour.c (revision 23398)
-+++ src/lib/crypto/arcfour/arcfour.c (working copy)
-@@ -203,6 +203,12 @@
- keylength = enc->keylength;
- hashsize = hash->hashsize;
-
-+ /* Verify input and output lengths. */
-+ if (input->length < hashsize + CONFOUNDERLENGTH)
-+ return KRB5_BAD_MSIZE;
-+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH)
-+ return KRB5_BAD_MSIZE;
-+
- d1.length=keybytes;
- d1.data=malloc(d1.length);
- if (d1.data == NULL)
-Index: src/lib/crypto/enc_provider/aes.c
-===================================================================
---- src/lib/crypto/enc_provider/aes.c (revision 23398)
-+++ src/lib/crypto/enc_provider/aes.c (working copy)
-@@ -94,9 +94,11 @@
- nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
- if (nblocks == 1) {
-- /* XXX Used for DK function. */
-+ /* Used when deriving keys. */
-+ if (input->length < BLOCK_SIZE)
-+ return KRB5_BAD_MSIZE;
- enc(output->data, input->data, &ctx);
-- } else {
-+ } else if (nblocks > 1) {
- unsigned int nleft;
-
- for (blockno = 0; blockno < nblocks - 2; blockno++) {
-@@ -149,9 +151,9 @@
-
- if (nblocks == 1) {
- if (input->length < BLOCK_SIZE)
-- abort();
-+ return KRB5_BAD_MSIZE;
- dec(output->data, input->data, &ctx);
-- } else {
-+ } else if (nblocks > 1) {
-
- for (blockno = 0; blockno < nblocks - 2; blockno++) {
- dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
-Index: src/lib/crypto/dk/dk_decrypt.c
-===================================================================
---- src/lib/crypto/dk/dk_decrypt.c (revision 23398)
-+++ src/lib/crypto/dk/dk_decrypt.c (working copy)
-@@ -89,6 +89,12 @@
- else if (hmacsize > hashsize)
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
-+ /* Verify input and output lengths. */
-+ if (input->length < blocksize + hmacsize)
-+ return KRB5_BAD_MSIZE;
-+ if (output->length < input->length - blocksize - hmacsize)
-+ return KRB5_BAD_MSIZE;
-+
- enclen = input->length - hmacsize;
-
- if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
-Index: src/lib/crypto/raw/raw_decrypt.c
-===================================================================
---- src/lib/crypto/raw/raw_decrypt.c (revision 23398)
-+++ src/lib/crypto/raw/raw_decrypt.c (working copy)
-@@ -34,5 +34,7 @@
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *output)
- {
-+ if (output->length < input->length)
-+ return KRB5_BAD_MSIZE;
- return((*(enc->decrypt))(key, ivec, input, output));
- }
-Index: src/lib/crypto/t_short.c
-===================================================================
---- src/lib/crypto/t_short.c (revision 0)
-+++ src/lib/crypto/t_short.c (revision 0)
-@@ -0,0 +1,112 @@
-+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-+/*
-+ * lib/crypto/crypto_tests/t_short.c
-+ *
-+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
-+ * All rights reserved.
-+ *
-+ * Export of this software from the United States of America may
-+ * require a specific license from the United States Government.
-+ * It is the responsibility of any person or organization contemplating
-+ * export to obtain such a license before exporting.
-+ *
-+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-+ * distribute this software and its documentation for any purpose and
-+ * without fee is hereby granted, provided that the above copyright
-+ * notice appear in all copies and that both that copyright notice and
-+ * this permission notice appear in supporting documentation, and that
-+ * the name of M.I.T. not be used in advertising or publicity pertaining
-+ * to distribution of the software without specific, written prior
-+ * permission. Furthermore if you modify this software you must label
-+ * your software as modified software and not distribute it in such a
-+ * fashion that it might be confused with the original M.I.T. software.
-+ * M.I.T. makes no representations about the suitability of
-+ * this software for any purpose. It is provided "as is" without express
-+ * or implied warranty.
-+ *
-+ * Tests the outcome of decrypting overly short tokens. This program can be
-+ * run under a tool like valgrind to detect bad memory accesses; when run
-+ * normally by the test suite, it verifies that each operation returns
-+ * KRB5_BAD_MSIZE.
-+ */
-+
-+#include "k5-int.h"
-+
-+krb5_enctype interesting_enctypes[] = {
-+ ENCTYPE_DES_CBC_CRC,
-+ ENCTYPE_DES_CBC_MD4,
-+ ENCTYPE_DES_CBC_MD5,
-+ ENCTYPE_DES3_CBC_SHA1,
-+ ENCTYPE_ARCFOUR_HMAC,
-+ ENCTYPE_ARCFOUR_HMAC_EXP,
-+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-+ 0
-+};
-+
-+/* Abort if an operation unexpectedly fails. */
-+static void
-+x(krb5_error_code code)
-+{
-+ if (code != 0)
-+ abort();
-+}
-+
-+/* Abort if a decrypt operation doesn't have the expected result. */
-+static void
-+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
-+{
-+ if (len < min_len) {
-+ /* Undersized tokens should always result in BAD_MSIZE. */
-+ if (code != KRB5_BAD_MSIZE)
-+ abort();
-+ } else {
-+ /* Min-size tokens should succeed or fail the integrity check. */
-+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
-+ abort();
-+ }
-+}
-+
-+static void
-+test_enctype(krb5_enctype enctype)
-+{
-+ krb5_error_code ret;
-+ krb5_keyblock keyblock;
-+ krb5_enc_data input;
-+ krb5_data output;
-+ size_t min_len, len;
-+
-+ printf("Testing enctype %d\n", (int) enctype);
-+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
-+ x(krb5_c_make_random_key(NULL, enctype, &keyblock));
-+ input.enctype = enctype;
-+
-+ /* Try each length up to the minimum length. */
-+ for (len = 0; len <= min_len; len++) {
-+ input.ciphertext.data = calloc(len, 1);
-+ input.ciphertext.length = len;
-+ output.data = calloc(len, 1);
-+ output.length = len;
-+
-+ /* Attempt a normal decryption. */
-+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
-+ check_decrypt_result(ret, len, min_len);
-+
-+ free(input.ciphertext.data);
-+ free(output.data);
-+ }
-+}
-+
-+int
-+main(int argc, char **argv)
-+{
-+ int i;
-+ krb5_data notrandom;
-+
-+ notrandom.data = "notrandom";
-+ notrandom.length = 9;
-+ krb5_c_random_seed(NULL, &notrandom);
-+ for (i = 0; interesting_enctypes[i]; i++)
-+ test_enctype(interesting_enctypes[i]);
-+ return 0;
-+}
-Index: src/lib/crypto/old/old_decrypt.c
-===================================================================
---- src/lib/crypto/old/old_decrypt.c (revision 23398)
-+++ src/lib/crypto/old/old_decrypt.c (working copy)
-@@ -45,8 +45,10 @@
- blocksize = enc->block_size;
- hashsize = hash->hashsize;
-
-+ /* Verify input and output lengths. */
-+ if (input->length < blocksize + hashsize || input->length % blocksize != 0)
-+ return(KRB5_BAD_MSIZE);
- plainsize = input->length - blocksize - hashsize;
--
- if (arg_output->length < plainsize)
- return(KRB5_BAD_MSIZE);
-