summaryrefslogtreecommitdiffstats
path: root/contrib/ntp/ntpd/ntp_crypto.c
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2014-12-22 19:07:16 +0000
committerdelphij <delphij@FreeBSD.org>2014-12-22 19:07:16 +0000
commit77f68eb34a5227ee871dceac46abbd1db966388b (patch)
treed6d4485aa1ef497ee3283b4612cd1f9319518b28 /contrib/ntp/ntpd/ntp_crypto.c
parent2b345a08edde7a77b1eccf22395f90aec2d3adac (diff)
downloadFreeBSD-src-77f68eb34a5227ee871dceac46abbd1db966388b.zip
FreeBSD-src-77f68eb34a5227ee871dceac46abbd1db966388b.tar.gz
MFC r276071:
Fix multiple ntp vulnerabilities. Reviewed by: roberto (earlier revision), philip Security: CVE-2014-9293, CVE-2014-9294 Security: CVE-2014-9295, CVE-2014-9296 Security: FreeBSD-SA-14:31.ntp
Diffstat (limited to 'contrib/ntp/ntpd/ntp_crypto.c')
-rw-r--r--contrib/ntp/ntpd/ntp_crypto.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/contrib/ntp/ntpd/ntp_crypto.c b/contrib/ntp/ntpd/ntp_crypto.c
index cce95a8..37427f4 100644
--- a/contrib/ntp/ntpd/ntp_crypto.c
+++ b/contrib/ntp/ntpd/ntp_crypto.c
@@ -864,12 +864,24 @@ crypto_recv(
* errors.
*/
if (vallen == (u_int) EVP_PKEY_size(host_pkey)) {
- RSA_private_decrypt(vallen,
+ u_int32 *cookiebuf = malloc(
+ RSA_size(host_pkey->pkey.rsa));
+ if (cookiebuf == NULL) {
+ rval = XEVNT_CKY;
+ break;
+ }
+ if (RSA_private_decrypt(vallen,
(u_char *)ep->pkt,
- (u_char *)&temp32,
+ (u_char *)cookiebuf,
host_pkey->pkey.rsa,
- RSA_PKCS1_OAEP_PADDING);
- cookie = ntohl(temp32);
+ RSA_PKCS1_OAEP_PADDING) != 4) {
+ rval = XEVNT_CKY;
+ free(cookiebuf);
+ break;
+ } else {
+ cookie = ntohl(*cookiebuf);
+ free(cookiebuf);
+ }
} else {
rval = XEVNT_CKY;
break;
@@ -3914,7 +3926,7 @@ crypto_setup(void)
rand_file);
exit (-1);
}
- get_systime(&seed);
+ arc4random_buf(&seed, sizeof(l_fp));
RAND_seed(&seed, sizeof(l_fp));
RAND_write_file(rand_file);
OpenSSL_add_all_algorithms();
OpenPOWER on IntegriCloud