diff -up ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys ntpsec-1.2.1/libntp/authreadkeys.c
--- ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys	2021-06-07 06:03:11.000000000 +0200
+++ ntpsec-1.2.1/libntp/authreadkeys.c	2021-06-17 12:19:41.555693047 +0200
@@ -249,6 +249,7 @@ authreadkeys(
 	char	namebuf[NAMEBUFSIZE];
 	size_t	len;
 	int	keys = 0;
+	char *	hashchr = NULL;
 
 	/*
 	 * Open file.  Complain and return if it can't be opened.
@@ -348,7 +349,7 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
                         continue;
                 }
 
-
+		hashchr = strchr(line, '#');
 
 		/*
 		 * Finally, get key and insert it.
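Review bot: The added `hashchr = strchr(line, '#');` only locates the '#' that the later weak-key comparison needs if it runs after the preceding fields have been consumed from `line` and before the key token is cut off, and nothing at the assignment records that ordering requirement. Suggest a comment such as `/* Note the '#' (if any) in the unparsed remainder before the key token is split off; the weak-key check below compares against this position. */`. The loop body begins and ends outside this hunk, so whether `line` has already been advanced past the type and name fields at this point is inferred rather than visible and should be confirmed against the tokenizer.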
@@ -364,6 +365,15 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
 		}
 		len = strlen(token);
 		if (len <= 20) {	/* Bug 2537 */
+			/* Detect weak keys generated by ntpkeygen
+			   (CVE-2021-22212). False positives are possible. */
+			if (token + len == hashchr) {
+				msyslog(LOG_ERR,
+					"AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212)",
+					keyno);
+				exit(1);
+			}
+
 			len = check_key_length(keyno, type, name, upcased, len);
 			check_mac_length(keyno, type, name, upcased);
 			auth_setkey(keyno, type, name, (uint8_t *)token, len);
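Review bot: `exit(1)` inside the new `if (token + len == hashchr)` branch terminates the process from a libntp parsing routine, whereas the other malformed-line case visible in this function logs via msyslog and `continue`s (the `continue;` in the preceding hunk), and the `keys` counter in the first hunk suggests the function reports a result to its caller. If refusing to run with a weak key is the intended policy, closing the key file and returning failure through the function's existing error path would keep the decision with the caller and not skip its cleanup; at minimum the comment should state that termination here is deliberate. The comparison is also only meaningful if `token` points into `line` and the tokenizer overwrote the '#' with the terminator, so a one-line comment such as `/* token ends exactly where the '#' was: the key ran into a comment marker */` would make the check readable without the earlier hunk. authreadkeys continues outside this hunk.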