d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

heimdal: Fix CVE-2022-4152, signature validation error

Browse Source 
When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.

Reported by:	Timothy E Zingelman <zingelman _AT_ fnal.gov>
MFC after:	1 day
Security:	CVE-2022-4152
Security:	https://www.cve.org/CVERecord?id=CVE-2022-45142
Security:	https://nvd.nist.gov/vuln/detail/CVE-2022-45142
Security:	https://security-tracker.debian.org/tracker/CVE-2022-45142
Security:	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142
Security:	https://bugzilla.samba.org/show_bug.cgi?id=15296
Security:	https://www.openwall.com/lists/oss-security/2023/02/08/1
This commit is contained in:
Cy Schubert 2023-03-09 17:03:52 -08:00
parent 4a2b92d99f
commit 5abaf08664
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/heimdal/lib/gssapi/krb5/arcfour.c
View File

@ -307,7 +307,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}
cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
if (cmp) {
*minor_status = 0;
return GSS_S_BAD_MIC;
@ -695,7 +695,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
if (cmp) {
_gsskrb5_release_buffer(minor_status, output_message_buffer);
*minor_status = 0;