diff -up ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys ntpsec-1.2.1/libntp/authreadkeys.c
--- ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys	2021-06-07 06:03:11.000000000 +0200
+++ ntpsec-1.2.1/libntp/authreadkeys.c	2021-06-17 12:19:41.555693047 +0200
@@ -249,6 +249,7 @@ authreadkeys(
 	char	namebuf[NAMEBUFSIZE];
 	size_t	len;
 	int	keys = 0;
+	char *	hashchr = NULL;
 
 	/*
 	 * Open file.  Complain and return if it can't be opened.
@@ -348,7 +349,7 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
                         continue;
                 }
 
-
+		hashchr = strchr(line, '#');
 
 		/*
 		 * Finally, get key and insert it.
@@ -364,6 +365,15 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
 		}
 		len = strlen(token);
 		if (len <= 20) {	/* Bug 2537 */
+			/* Detect weak keys generated by ntpkeygen
+			   (CVE-2021-22212). False positives are possible. */
+			if (token + len == hashchr) {
+				msyslog(LOG_ERR,
+					"AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212)",
+					keyno);
+				exit(1);
+			}
+
 			len = check_key_length(keyno, type, name, upcased, len);
 			check_mac_length(keyno, type, name, upcased);
 			auth_setkey(keyno, type, name, (uint8_t *)token, len);
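Review bot: The new `exit(1)` in the `token + len == hashchr` branch makes every false positive the comment itself admits (a hand-written key directly followed by a `#` comment, no whitespace) fatal for the whole daemon, while the surrounding code handles other malformed entries with `continue` (as at the top of the second hunk), and the log line gives the operator no way to tell the two cases apart or fix the file. At minimum the message should name the condition and the remedy, e.g. `"AUTH: authreadkeys: key %u is immediately followed by '#'; treating as a weak ntpkeygen key (CVE-2021-22212), regenerate the key or put whitespace before the comment"`; whether to keep the hard exit or skip the key like the other error paths is a policy choice worth a one-line comment explaining why fail-stop was chosen. The comparison also presumes `token` points into `line` and that no earlier tokenizing step has NUL-terminated the line before the `#`, since `strchr(line, '#')` would then never see it — I cannot confirm either from the hunk, so a comment such as `/* token must alias line: hashchr is compared by address */` would protect this against future refactors. The enclosing authreadkeys body starts before the first hunk and continues past this one.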