generated from smedev/Template-for-SMEServer-Core-Perl
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
diff -up ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys ntpsec-1.2.1/libntp/authreadkeys.c
|
|
--- ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys 2021-06-07 06:03:11.000000000 +0200
|
|
+++ ntpsec-1.2.1/libntp/authreadkeys.c 2021-06-17 12:19:41.555693047 +0200
|
|
@@ -249,6 +249,7 @@ authreadkeys(
|
|
char namebuf[NAMEBUFSIZE];
|
|
size_t len;
|
|
int keys = 0;
|
|
+ char * hashchr = NULL;
|
|
|
|
/*
|
|
* Open file. Complain and return if it can't be opened.
|
|
@@ -348,7 +349,7 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
|
|
continue;
|
|
}
|
|
|
|
-
|
|
+ hashchr = strchr(line, '#');
|
|
|
|
/*
|
|
* Finally, get key and insert it.
|
|
@@ -364,6 +365,15 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
|
|
}
|
|
len = strlen(token);
|
|
if (len <= 20) { /* Bug 2537 */
|
|
+ /* Detect weak keys generated by ntpkeygen
|
|
+ (CVE-2021-22212). False positives are possible. */
|
|
+ if (token + len == hashchr) {
|
|
+ msyslog(LOG_ERR,
|
|
+ "AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212)",
|
|
+ keyno);
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
len = check_key_length(keyno, type, name, upcased, len);
|
|
check_mac_length(keyno, type, name, upcased);
|
|
auth_setkey(keyno, type, name, (uint8_t *)token, len);
|