diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-02-12 09:56:54 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-02-12 09:56:54 +0000 |
commit | ebc282ef4dfa408accac685565b8ee5f6faec119 (patch) | |
tree | c0a4f713228cda0ab17eed46f0bb7ca8cb8be2f6 /app-crypt/heimdal/files | |
parent | 6c8694a707151d59555b0e4e48235f085ce166c3 (diff) |
gentoo auto-resync : 12:02:2023 - 09:56:54
Diffstat (limited to 'app-crypt/heimdal/files')
-rw-r--r-- | app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch b/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch new file mode 100644 index 000000000000..dad75df4b3b8 --- /dev/null +++ b/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch @@ -0,0 +1,36 @@ +https://bugs.gentoo.org/893722 +https://www.openwall.com/lists/oss-security/2023/02/08/1 + +From: Helmut Grohne <helmut@...divi.de> +Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions + +The referenced commit attempted to fix miscompilations with gcc-9 and +gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately, +it also inverted the result of the comparison in two occasions. This +inversion happened during backporting the patch to 7.7.1 and 7.8.0. + +Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp() + for arcfour unwrap") +Signed-off-by: Helmut Grohne <helmut@...divi.de> +--- a/lib/gssapi/krb5/arcfour.c ++++ b/lib/gssapi/krb5/arcfour.c +@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, + return GSS_S_FAILURE; + } + +- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0); ++ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0); + if (cmp) { + *minor_status = 0; + return GSS_S_BAD_MIC; +@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + return GSS_S_FAILURE; + } + +- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */ ++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */ + if (cmp) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; +-- +2.38.1 |