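diff -up ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys ntpsec-1.2.1/libntp/authreadkeys.c
--- ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys 2021-06-07 06:03:11.000000000 +0200
+++ ntpsec-1.2.1/libntp/authreadkeys.c 2021-06-17 12:19:41.555693047 +0200
@@ -249,6 +249,7 @@ authreadkeys(
 char namebuf[NAMEBUFSIZE];
 size_t len;
 int keys = 0;
+ char * hashchr = NULL;
 
 /*
 * Open file. Complain and return if it can't be opened.
@@ -348,7 +349,7 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
 continue;
 }
 
-
+ hashchr = strchr(line, '#');
 
 /*
 * Finally, get key and insert it.
@@ -364,6 +365,15 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
 }
 len = strlen(token);
 if (len <= 20) { /* Bug 2537 */
+ /* Detect weak keys generated by ntpkeygen
+ (CVE-2021-22212). False positives are possible. */
+ if (token + len == hashchr) {
+ msyslog(LOG_ERR,
+ "AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212)",
+ keyno);
+ exit(1);
+ }
+
 len = check_key_length(keyno, type, name, upcased, len);
 check_mac_length(keyno, type, name, upcased);
 auth_setkey(keyno, type, name, (uint8_t *)token, len);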
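Review bot: The `exit(1)` that rejects a '#'-terminated key terminates the whole process from inside a libntp routine, whereas the same function's stated convention for an unreadable keys file (first hunk, "Complain and return if it can't be opened") is to log and return to the caller, and the keys file opened there is not closed on this path. If authreadkeys is also used to re-read keys after startup (not visible here), a single malformed line would kill a running daemon rather than leave the previously loaded key set in place; returning the function's failure value right after the msyslog keeps the fail-closed outcome at startup while letting the caller decide. The comparison `token + len == hashchr` also deserves a why-comment, since `hashchr` is deliberately captured in the second hunk before the key token is extracted, presumably because the tokenizer overwrites the terminating '#' and a later search on the token would no longer find it: `/* hashchr was recorded before tokenizing; the '#' may since have been replaced by NUL, so compare positions, not contents */`. authreadkeys begins and ends outside these hunks.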
|