author | tez <tez@pkgsrc.org> | 2010-02-24 19:07:51 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2010-02-24 19:07:51 +0000 |
commit | 78465e099c38f59ac49e5f45ba91df55528229d2 (patch) | |
tree | 9cff7193a32eacbed5880211cd06229bee7b04be | |
parent | e8b7f5aa0d170359983f5cfc5b5549d5247f4cae (diff) | |
Fix CVE-2009-4212 (MITKRB5-SA-2009-004) using patches from
http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt
(slightly adjusted for older kerberos version)
-rw-r--r-- | security/mit-krb5/Makefile | 4 | ||||
-rw-r--r-- | security/mit-krb5/distinfo | 9 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-bq | 62 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-br | 17 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-bs | 30 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-bt | 17 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-bu | 12 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-bv | 117 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-bw | 16 |
9 files changed, 281 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 09691824ea9..53d0cd9ec72 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.46 2009/06/30 00:07:22 joerg Exp $
+# $NetBSD: Makefile,v 1.47 2010/02/24 19:07:51 tez Exp $
 
 DISTNAME= krb5-1.4.2
 PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 8
+PKGREVISION= 9
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index a2121326989..2d8c3de2f9c 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2009/04/21 18:58:17 tez Exp $
+$NetBSD: distinfo,v 1.23 2010/02/24 19:07:51 tez Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -45,3 +45,10 @@ SHA1 (patch-bm) = d8e46f448fa4a51e3b8a42279cf1ab54b0598dd3
 SHA1 (patch-bn) = 82c6f98474f31e1e231d3e89d6a24e20ec7fd123
 SHA1 (patch-bo) = dcfeab32537f8b89e3ed6a52a69601e3e7822e35
 SHA1 (patch-bp) = 5308176a1229b5ac0d0f24eb2f657fdf48935f80
+SHA1 (patch-bq) = 546e2b0260e4197b44f1f5a6f7a03f72125c768b
+SHA1 (patch-br) = da7884aa9a1ba79e7e31416bf06f74bcc71b2c01
+SHA1 (patch-bs) = b652562c4e545d41fbbfa6676b10b68823ebfbd8
+SHA1 (patch-bt) = 1398369698cc9c029957723c25dbdf53754cf373
+SHA1 (patch-bu) = bf0688bd703c3dcfa27934e0a6bc43230251512e
+SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00
+SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9
diff --git a/security/mit-krb5/patches/patch-bq b/security/mit-krb5/patches/patch-bq
new file mode 100644
index 00000000000..05b83735d3f
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bq
@@ -0,0 +1,62 @@
+$NetBSD: patch-bq,v 1.1 2010/02/24 19:07:51 tez Exp $
+
+--- lib/crypto/Makefile.in.orig 2004-06-16 20:56:28.000000000 -0500
++++ lib/crypto/Makefile.in 2010-02-23 17:33:02.605810700 -0600
+@@ -20,6 +20,7 @@
+ $(srcdir)/t_hmac.c \
+ $(srcdir)/t_pkcs5.c \
+ $(srcdir)/t_cts.c \
++ $(srcdir)/t_short.c \
+ $(srcdir)/vectors.c
+
+ ##DOSBUILDTOP = ..\..
+@@ -170,12 +171,13 @@
+
+ clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+-check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5
++check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5 t_short
+ $(RUN_SETUP) ./t_nfold
+ $(RUN_SETUP) ./t_encrypt
+ $(RUN_SETUP) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
+ diff t_prng.output $(srcdir)/t_prng.expected
+ $(RUN_SETUP) ./t_hmac
++ $(RUN_SETUP) ./t_short
+
+ # $(RUN_SETUP) ./t_pkcs5
+
+@@ -201,10 +203,14 @@
+ $(CC_LINK) -o $@ t_cts.$(OBJEXT) \
+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
+
++t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB)
++ $(CC_LINK) -o $@ t_short.$(OBJEXT) \
++ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
++
+
+ clean::
+ $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \
+- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o
++ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_short t_short.o
+ -$(RM) t_prng.output
+
+ all-windows::
+@@ -595,6 +601,13 @@
+ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(SRCTOP)/include/krb5/kdb.h
++t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): t_short.c $(BUILDTOP)/include/krb5.h \
++ $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \
++ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
++ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
++ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
++ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
++ $(SRCTOP)/include/krb5/kdb.h
+ vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): vectors.c $(BUILDTOP)/include/krb5.h \
+ $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \
+ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+@@ -602,4 +615,3 @@
+ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(SRCTOP)/include/krb5/kdb.h
+-
diff --git a/security/mit-krb5/patches/patch-br b/security/mit-krb5/patches/patch-br
new file mode 100644
index 00000000000..25d0ebe7c84
--- /dev/null
+++ b/security/mit-krb5/patches/patch-br
@@ -0,0 +1,17 @@
+$NetBSD: patch-br,v 1.1 2010/02/24 19:07:51 tez Exp $
+
+--- lib/crypto/arcfour/arcfour.c.orig 2004-02-18 20:46:26.000000000 -0600
++++ lib/crypto/arcfour/arcfour.c 2010-02-23 17:43:53.543585400 -0600
+@@ -203,6 +203,12 @@
+ keylength = enc->keylength;
+ hashsize = hash->hashsize;
+
++ /* Verify input and output lengths. */
++ if (input->length < hashsize + CONFOUNDERLENGTH)
++ return KRB5_BAD_MSIZE;
++ if (output->length < input->length - hashsize - CONFOUNDERLENGTH)
++ return KRB5_BAD_MSIZE;
++
+ d1.length=keybytes;
+ d1.data=malloc(d1.length);
+ if (d1.data == NULL)
diff --git a/security/mit-krb5/patches/patch-bs b/security/mit-krb5/patches/patch-bs
new file mode 100644
index 00000000000..4b442da0bdf
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bs
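Review bot: The added comment `/* Verify input and output lengths. */` in the arcfour.c hunk does not say that the two checks are order-dependent. The second check computes `input->length - hashsize - CONFOUNDERLENGTH`, which would wrap if the lengths are unsigned (as krb5_data lengths appear to be) and the first check had not already rejected short input. A comment such as `/* Reject short input first; the subtraction in the output check below must not wrap. */` would keep a later edit from reordering or dropping the first test. The same applies to the matching checks added in dk_decrypt.c (patch-bt) and old_decrypt.c (patch-bw). The enclosing function starts and ends outside the hunk.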
@@ -0,0 +1,30 @@
+$NetBSD: patch-bs,v 1.1 2010/02/24 19:07:51 tez Exp $
+
+--- lib/crypto/enc_provider/aes.c.orig 2004-05-25 13:06:13.000000000 -0500
++++ lib/crypto/enc_provider/aes.c 2010-02-23 17:43:53.574980200 -0600
+@@ -68,9 +68,11 @@
+ nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+ if (nblocks == 1) {
+- /* XXX Used for DK function. */
++ /* Used when deriving keys. */
++ if (input->length < BLOCK_SIZE)
++ return KRB5_BAD_MSIZE;
+ enc(output->data, input->data, &ctx);
+- } else {
++ } else if (nblocks > 1) {
+ unsigned int nleft;
+
+ for (blockno = 0; blockno < nblocks - 2; blockno++) {
+@@ -123,9 +125,9 @@
+
+ if (nblocks == 1) {
+ if (input->length < BLOCK_SIZE)
+- abort();
++ return KRB5_BAD_MSIZE;
+ dec(output->data, input->data, &ctx);
+- } else {
++ } else if (nblocks > 1) {
+
+ for (blockno = 0; blockno < nblocks - 2; blockno++) {
+ dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
diff --git a/security/mit-krb5/patches/patch-bt b/security/mit-krb5/patches/patch-bt
new file mode 100644
index 00000000000..6148ecc96f5
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bt
@@ -0,0 +1,17 @@
+$NetBSD: patch-bt,v 1.1 2010/02/24 19:07:51 tez Exp $
+
+--- lib/crypto/dk/dk_decrypt.c.orig 2004-02-24 15:07:21.000000000 -0600
++++ lib/crypto/dk/dk_decrypt.c 2010-02-23 17:43:53.607557500 -0600
+@@ -89,6 +89,12 @@
+ else if (hmacsize > hashsize)
+ return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
++ /* Verify input and output lengths. */
++ if (input->length < blocksize + hmacsize)
++ return KRB5_BAD_MSIZE;
++ if (output->length < input->length - blocksize - hmacsize)
++ return KRB5_BAD_MSIZE;
++
+ enclen = input->length - hmacsize;
+
+ if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
diff --git a/security/mit-krb5/patches/patch-bu b/security/mit-krb5/patches/patch-bu
new file mode 100644
index 00000000000..df48d67201f
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bu
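Review bot: Changing `} else {` to `} else if (nblocks > 1) {` in both aes.c hunks leaves `nblocks == 0` (a zero-length input) matching neither branch. The call then presumably falls through to the function's normal return without writing anything to `output`; the return path is outside the hunks, so this is inferred. If an empty input is never valid here, an explicit `if (nblocks == 0) return KRB5_BAD_MSIZE;` ahead of the `if (nblocks == 1)` test would report it as an error instead of a silent no-op. If it is intentional, a one-line comment saying so would help. Both functions start and end outside the hunks shown.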
@@ -0,0 +1,12 @@
+$NetBSD: patch-bu,v 1.1 2010/02/24 19:07:51 tez Exp $
+
+--- lib/crypto/raw/raw_decrypt.c.orig 2004-02-18 20:46:30.000000000 -0600
++++ lib/crypto/raw/raw_decrypt.c 2010-02-23 17:43:53.638863200 -0600
+@@ -34,5 +34,7 @@
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *output)
+ {
++ if (output->length < input->length)
++ return KRB5_BAD_MSIZE;
+ return((*(enc->decrypt))(key, ivec, input, output));
+ }
diff --git a/security/mit-krb5/patches/patch-bv b/security/mit-krb5/patches/patch-bv
new file mode 100644
index 00000000000..f2b272b8e13
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bv
@@ -0,0 +1,117 @@
+$NetBSD: patch-bv,v 1.1 2010/02/24 19:07:51 tez Exp $
+
+--- lib/crypto/t_short.c.orig 2010-02-23 17:43:53.669981000 -0600
++++ lib/crypto/t_short.c 2010-02-23 17:43:53.670274200 -0600
+@@ -0,0 +1,112 @@
++/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
++/*
++ * lib/crypto/crypto_tests/t_short.c
++ *
++ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
++ * All rights reserved.
++ *
++ * Export of this software from the United States of America may
++ * require a specific license from the United States Government.
++ * It is the responsibility of any person or organization contemplating
++ * export to obtain such a license before exporting.
++ *
++ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
++ * distribute this software and its documentation for any purpose and
++ * without fee is hereby granted, provided that the above copyright
++ * notice appear in all copies and that both that copyright notice and
++ * this permission notice appear in supporting documentation, and that
++ * the name of M.I.T. not be used in advertising or publicity pertaining
++ * to distribution of the software without specific, written prior
++ * permission. Furthermore if you modify this software you must label
++ * your software as modified software and not distribute it in such a
++ * fashion that it might be confused with the original M.I.T. software.
++ * M.I.T. makes no representations about the suitability of
++ * this software for any purpose. It is provided "as is" without express
++ * or implied warranty.
++ *
++ * Tests the outcome of decrypting overly short tokens. This program can be
++ * run under a tool like valgrind to detect bad memory accesses; when run
++ * normally by the test suite, it verifies that each operation returns
++ * KRB5_BAD_MSIZE.
++ */
++
++#include "k5-int.h"
++
++krb5_enctype interesting_enctypes[] = {
++ ENCTYPE_DES_CBC_CRC,
++ ENCTYPE_DES_CBC_MD4,
++ ENCTYPE_DES_CBC_MD5,
++ ENCTYPE_DES3_CBC_SHA1,
++ ENCTYPE_ARCFOUR_HMAC,
++ ENCTYPE_ARCFOUR_HMAC_EXP,
++ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
++ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
++ 0
++};
++
++/* Abort if an operation unexpectedly fails. */
++static void
++x(krb5_error_code code)
++{
++ if (code != 0)
++ abort();
++}
++
++/* Abort if a decrypt operation doesn't have the expected result. */
++static void
++check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
++{
++ if (len < min_len) {
++ /* Undersized tokens should always result in BAD_MSIZE. */
++ if (code != KRB5_BAD_MSIZE)
++ abort();
++ } else {
++ /* Min-size tokens should succeed or fail the integrity check. */
++ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
++ abort();
++ }
++}
++
++static void
++test_enctype(krb5_enctype enctype)
++{
++ krb5_error_code ret;
++ krb5_keyblock keyblock;
++ krb5_enc_data input;
++ krb5_data output;
++ size_t min_len, len;
++
++ printf("Testing enctype %d\n", (int) enctype);
++ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
++ x(krb5_c_make_random_key(NULL, enctype, &keyblock));
++ input.enctype = enctype;
++
++ /* Try each length up to the minimum length. */
++ for (len = 0; len <= min_len; len++) {
++ input.ciphertext.data = calloc(len, 1);
++ input.ciphertext.length = len;
++ output.data = calloc(len, 1);
++ output.length = len;
++
++ /* Attempt a normal decryption. */
++ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
++ check_decrypt_result(ret, len, min_len);
++
++ free(input.ciphertext.data);
++ free(output.data);
++ }
++}
++
++int
++main(int argc, char **argv)
++{
++ int i;
++ krb5_data notrandom;
++
++ notrandom.data = "notrandom";
++ notrandom.length = 9;
++ krb5_c_random_seed(NULL, ¬random);
++ for (i = 0; interesting_enctypes[i]; i++)
++ test_enctype(interesting_enctypes[i]);
++ return 0;
++}
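Review bot: In `test_enctype` the key filled in by `krb5_c_make_random_key` is never released, so every enctype leaks its key contents. The header comment says the program is meant to be run under valgrind, so the leak adds noise to exactly the reports it is written for. Adding `krb5_free_keyblock_contents(NULL, &keyblock);` after the loop would fix it. The two `calloc` results are also used unchecked, and `krb5_c_random_seed` in `main` is the one library call not wrapped in `x(...)`, so a seeding failure goes unnoticed. Its second argument is shown on this page as `¬random`, presumably an extraction artifact for the address of `notrandom`.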
diff --git a/security/mit-krb5/patches/patch-bw b/security/mit-krb5/patches/patch-bw
new file mode 100644
index 00000000000..f4e8c70b63c
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bw
@@ -0,0 +1,16 @@
+$NetBSD: patch-bw,v 1.1 2010/02/24 19:07:51 tez Exp $
+
+--- lib/crypto/old/old_decrypt.c.orig 2003-07-22 14:09:31.000000000 -0500
++++ lib/crypto/old/old_decrypt.c 2010-02-23 17:43:53.702276900 -0600
+@@ -45,8 +45,10 @@
+ blocksize = enc->block_size;
+ hashsize = hash->hashsize;
+
++ /* Verify input and output lengths. */
++ if (input->length < blocksize + hashsize || input->length % blocksize != 0)
++ return(KRB5_BAD_MSIZE);
+ plainsize = input->length - blocksize - hashsize;
+-
+ if (arg_output->length < plainsize)
+ return(KRB5_BAD_MSIZE);
+
|