ntpsec/ntpsec-weakkeys.patch


diff -up ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys ntpsec-1.2.1/libntp/authreadkeys.c
--- ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys 2021-06-07 06:03:11.000000000 +0200
+++ ntpsec-1.2.1/libntp/authreadkeys.c 2021-06-17 12:19:41.555693047 +0200
@@ -249,6 +249,7 @@ authreadkeys(
char namebuf[NAMEBUFSIZE];
size_t len;
int keys = 0;
+ char * hashchr = NULL;
/*
* Open file. Complain and return if it can't be opened.
@@ -348,7 +349,7 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
continue;
}
-
+ hashchr = strchr(line, '#');
/*
* Finally, get key and insert it.
@@ -364,6 +365,15 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
}
len = strlen(token);
if (len <= 20) { /* Bug 2537 */
+ /* Detect weak keys generated by ntpkeygen
+ (CVE-2021-22212). False positives are possible. */
+ if (token + len == hashchr) {
+ msyslog(LOG_ERR,
+ "AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212)",
+ keyno);
+ exit(1);
+ }
+
len = check_key_length(keyno, type, name, upcased, len);
check_mac_length(keyno, type, name, upcased);
auth_setkey(keyno, type, name, (uint8_t *)token, len);
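Review bot: The new check `if (token + len == hashchr)` ends the whole process with `exit(1)`, yet the comment two lines above concedes that false positives are possible, so a legitimate key written with no whitespace before its comment (something like `1 MD5 abcdef#comment`) would keep the daemon from starting, and an `exit` inside a libntp routine also bypasses whatever cleanup authreadkeys does on its normal error paths (presumably leaving the key file stream opened under "Open file. Complain and return" unclosed). The other per-key errors in this function appear to be handled with msyslog plus `continue`, as the hunk at line 349 shows, so rejecting only the suspect key with `continue;` in place of `exit(1);` would match that style while still refusing to install a truncated key. The log line could also tell the operator how to disambiguate, e.g. `"AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212); regenerate it or put whitespace before the comment"`. If refusing to start is the intended policy, state that in the comment so the exit is not mistaken for an oversight. The check sits inside the `len <= 20` branch, so a key that is cut at '#' but still longer than 20 characters would not be caught — likely unreachable for ntpkeygen output, but worth a word in the comment; authreadkeys continues outside the hunk.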