heimdal: Fix CVE-2022-4152, signature validation error
When CVE-2022-3437 was fixed by changing memcmp to a constant-time comparison, the workaround for the compiler was to add "!=0". However, the logic implemented was inverted, resulting in CVE-2022-4152. Reported by: Timothy E Zingelman <zingelman _AT_ fnal.gov> MFC after: 1 day Security: CVE-2022-4152 Security: https://www.cve.org/CVERecord?id=CVE-2022-45142 Security: https://nvd.nist.gov/vuln/detail/CVE-2022-45142 Security: https://security-tracker.debian.org/tracker/CVE-2022-45142 Security: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142 Security: https://bugzilla.samba.org/show_bug.cgi?id=15296 Security: https://www.openwall.com/lists/oss-security/2023/02/08/1
parent
4a2b92d99f
commit
5abaf08664
@ -307,7 +307,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
return GSS_S_FAILURE;
return GSS_S_FAILURE;
}
}
cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
if (cmp) {
if (cmp) {
*minor_status = 0;
*minor_status = 0;
return GSS_S_BAD_MIC;
return GSS_S_BAD_MIC;
@ -695,7 +695,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
return GSS_S_FAILURE;
return GSS_S_FAILURE;
}
}
cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
if (cmp) {
if (cmp) {
_gsskrb5_release_buffer(minor_status, output_message_buffer);
_gsskrb5_release_buffer(minor_status, output_message_buffer);
*minor_status = 0;
*minor_status = 0;
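Review bot: The corrected check in `_gssapi_verify_mic_arcfour` still routes the comparison through a variable named `cmp`, which under the original `memcmp` form meant "nonzero on mismatch" and under the CVE-2022-3437 form meant the opposite, and that ambiguity is exactly how the inversion slipped past review. Consider testing the result directly, `if (ct_memcmp(cksum_data, p + 8, 8) != 0) {`, or renaming the boolean to something like `mismatch` so the rejection branch reads correctly without consulting the assignment above it. The same applies to the `_gssapi_unwrap_arcfour` hunk at +695, where the comparison is against `p0 + 16`. Since nothing in this commit touches a test, a regression case that feeds one valid and one tampered checksum through both functions would pin the accept/reject direction against a future sign flip (assuming no such test already exists elsewhere in the tree). Both enclosing functions begin and end outside the hunks.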