Correct ntpd(8) cryptographic signature bypass [SA-09:04].

Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04]. Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon)
author: simon <simon@FreeBSD.org> 2009-01-13 21:19:27 +0000
committer: simon <simon@FreeBSD.org> 2009-01-13 21:19:27 +0000
commit: 49eb227b50686c107b98d6d11c812fb9246e7b20 (patch)
tree: 0bda42086c4823518c67624e2f4944168adbe933 /contrib
parent: 2bfcbeed12df523f345da3131f40622507b99c5a (diff)
download: FreeBSD-src-49eb227b50686c107b98d6d11c812fb9246e7b20.zip
FreeBSD-src-49eb227b50686c107b98d6d11c812fb9246e7b20.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/ntp/ntpd/ntp_crypto.c b/contrib/ntp/ntpd/ntp_crypto.c
index 84adbdd..82afe69 100644
--- a/contrib/ntp/ntpd/ntp_crypto.c
+++ b/contrib/ntp/ntpd/ntp_crypto.c
@@ -1612,7 +1612,7 @@ crypto_verify(
 	 */
 	EVP_VerifyInit(&ctx, peer->digest);
 	EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
-	if (!EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey))
+	if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0)
 		return (XEVNT_SIG);
 
 	if (peer->crypto & CRYPTO_FLAG_VRFY) {
author	simon <simon@FreeBSD.org>	2009-01-13 21:19:27 +0000
committer	simon <simon@FreeBSD.org>	2009-01-13 21:19:27 +0000
commit	49eb227b50686c107b98d6d11c812fb9246e7b20 (patch)
tree	0bda42086c4823518c67624e2f4944168adbe933 /contrib
parent	2bfcbeed12df523f345da3131f40622507b99c5a (diff)
download	FreeBSD-src-49eb227b50686c107b98d6d11c812fb9246e7b20.zip FreeBSD-src-49eb227b50686c107b98d6d11c812fb9246e7b20.tar.gz