main/krb5: security fix for CVE-2014-4341,CVE-2014-4342

fixes #3211

2 files changed, 174 insertions, 1 deletions

diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD
index fbaebb5f1d..f48a610cf4 100644
--- a/main/krb5/APKBUILD
+++ b/main/krb5/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=krb5
 pkgver=1.11.3
-pkgrel=0
+pkgrel=1
 pkgdesc="The Kerberos network authentication system"
 url="http://web.mit.edu/kerberos/www/"
 arch="all"
@@ -17,6 +17,7 @@ source="http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-$pkgver-signed.tar
 	mit-krb5-1.11_uninitialized.patch
 	mit-krb5_krb5-config_LDFLAGS.patch
 	fix-includes.patch
+	CVE-2014-4341_CVE-2014-4342.patch
 
 	krb5kadmind.initd
 	krb5kdc.initd
@@ -118,6 +119,7 @@ md5sums="56f0ae274b285320b8a597cb89442449  krb5-1.11.3-signed.tar
 597cd7ab74a8113b86e3405c15ccfecb  mit-krb5-1.11_uninitialized.patch
 656e242de9b5ada1edf398983db51eef  mit-krb5_krb5-config_LDFLAGS.patch
 2ad9ee0493e4bc376e317d9f76202c75  fix-includes.patch
+483907c8477611c59308b9f58b4983ee  CVE-2014-4341_CVE-2014-4342.patch
 29906e70e15025dda8b315d8209cab4c  krb5kadmind.initd
 47efe7f24c98316d38ea46ad629b3517  krb5kdc.initd
 3e0b8313c1e5bfb7625f35e76a5e53f1  krb5kpropd.initd"
@@ -125,6 +127,7 @@ sha256sums="9abd94bb94a70996da0f8d90408957154bb543271b097e86c63eb33e5f5751b5  kr
 81a0d432b6d1686587b25b6ce70f0b8558e0c693da4c63b9de881962ae01c043  mit-krb5-1.11_uninitialized.patch
 9ebfc38cc167bbf451105807512845cd961f839d64b7e2904a6c4e722e41fe2b  mit-krb5_krb5-config_LDFLAGS.patch
 2eaa327bb57408558ed20279b0ba8078c826210c861af0c83a0c22d26c9b1b3a  fix-includes.patch
+fedc050d53e52d188706b8ebc8ca3b4d5e84b1a482d704cdabeece0206b8779b  CVE-2014-4341_CVE-2014-4342.patch
 c7a1ec03472996daaaaf1a4703566113c80f72ee8605d247098a25a13dad1f5f  krb5kadmind.initd
 709309dea043aa306c2fcf0960e0993a6db540c220de64cf92d6b85f1cca23c5  krb5kdc.initd
 86b15d691e32b331ac756ee368b7364de6ab238dcae5adfed2a00b57d1b64ef4  krb5kpropd.initd"
@@ -132,6 +135,7 @@ sha512sums="4d4c5d5c3a495da141bca40fe73378db190ace8ed397b7bb8e38c53757e6df3ec55f
 4d2ea5189971df13bf874d29bcf89fa3bfeb1d25b3bd9245ee7c88f5c4834e950c5978ce13df3b8fc05f98dd7d5510dad43af0440436958fa23f9e1a51f60f76  mit-krb5-1.11_uninitialized.patch
 8118518e359cb5e69e3321b7438b200d5d74ceeac16b4623bf4e4bfb4ead6c656de6fa153f9bcc454097b45a512bc8cd0798b1f062a2c4a09f75253b204a7a17  mit-krb5_krb5-config_LDFLAGS.patch
 aa33bcd481f85f7456fe9cfaa3842d86a08d8cdc9c30523f7524586d706e9ad905c63f1514173a209a2fc1071443a5c23d530b0960d0d5e0a6c32133fb7a0e9a  fix-includes.patch
+634bbca9552225ab404cceda812ea0317ef8bc9076a40f3a9d87e31f9180a98a07327c4609f714531c2c1feccea26d88920b49bd449bdaed8cfd26d7ee499635  CVE-2014-4341_CVE-2014-4342.patch
 561af06b4e0f0e130dda345ad934bcdb9984ec00cc38d871df1d3bb3f9e1c7d86f06db5b03229707c88b96ad324e3a2222420f8494aa431002cacea0246b1153  krb5kadmind.initd
 d6d0076886ce284fc395fafc2dc253b4b3ee97b2986dea51388d96a1e1294680fb171f475efc7844559e2c6aac44b26678a9255921db9a58dcf2e7164f0aeec5  krb5kdc.initd
 f97d33fa977c132a470d95fd539d8e8db018e03f28dbc9d3e04faf78ebb7392196e7d5135f138c2390979bf37b3ae0265e6827f0c17b44b277eb2dfff0a96f77  krb5kpropd.initd"
diff --git a/main/krb5/CVE-2014-4341_CVE-2014-4342.patch b/main/krb5/CVE-2014-4341_CVE-2014-4342.patch
new file mode 100644
index 0000000000..fa4823694f
--- /dev/null
+++ b/main/krb5/CVE-2014-4341_CVE-2014-4342.patch
@@ -0,0 +1,169 @@
+From e6ae703ae597d798e310368d52b8f38ee11c6a73 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Thu, 19 Jun 2014 13:49:16 -0400
+Subject: [PATCH] Handle invalid RFC 1964 tokens [CVE-2014-4341...]
+
+Detect the following cases which would otherwise cause invalid memory
+accesses and/or integer underflow:
+
+* An RFC 1964 token being processed by an RFC 4121-only context
+  [CVE-2014-4342]
+
+* A header with fewer than 22 bytes after the token ID or an
+  incomplete checksum [CVE-2014-4341 CVE-2014-4342]
+
+* A ciphertext shorter than the confounder [CVE-2014-4341]
+
+* A declared padding length longer than the plaintext [CVE-2014-4341]
+
+If we detect a bad pad byte, continue on to compute the checksum to
+avoid creating a padding oracle, but treat the checksum as invalid
+even if it compares equal.
+
+CVE-2014-4341:
+
+In MIT krb5, an unauthenticated remote attacker with the ability to
+inject packets into a legitimately established GSSAPI application
+session can cause a program crash due to invalid memory references
+when attempting to read beyond the end of a buffer.
+
+    CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
+
+CVE-2014-4342:
+
+In MIT krb5 releases krb5-1.7 and later, an unauthenticated remote
+attacker with the ability to inject packets into a legitimately
+established GSSAPI application session can cause a program crash due
+to invalid memory references when reading beyond the end of a buffer
+or by causing a null pointer dereference.
+
+    CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
+
+[tlyu@mit.edu: CVE summaries, CVSS]
+
+(cherry picked from commit fb99962cbd063ac04c9a9d2cc7c75eab73f3533d)
+
+ticket: 7949
+version_fixed: 1.12.2
+status: resolved
+---
+ src/lib/gssapi/krb5/k5unseal.c    | 41 +++++++++++++++++++++++++++++++--------
+ src/lib/gssapi/krb5/k5unsealiov.c |  9 ++++++++-
+ 2 files changed, 41 insertions(+), 9 deletions(-)
+
+diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
+index ca21d43..b65c83c 100644
+--- a/src/lib/gssapi/krb5/k5unseal.c
++++ b/src/lib/gssapi/krb5/k5unseal.c
+@@ -74,6 +74,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+     int conflen = 0;
+     int signalg;
+     int sealalg;
++    int bad_pad = 0;
+     gss_buffer_desc token;
+     krb5_checksum cksum;
+     krb5_checksum md5cksum;
+@@ -86,6 +87,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+     krb5_ui_4 seqnum;
+     OM_uint32 retval;
+     size_t sumlen;
++    size_t padlen;
+     krb5_keyusage sign_usage = KG_USAGE_SIGN;
+ 
+     if (toktype == KG_TOK_SEAL_MSG) {
+@@ -93,18 +95,23 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+         message_buffer->value = NULL;
+     }
+ 
+-    /* get the sign and seal algorithms */
+-
+-    signalg = ptr[0] + (ptr[1]<<8);
+-    sealalg = ptr[2] + (ptr[3]<<8);
+-
+     /* Sanity checks */
+ 
+-    if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) {
++    if (ctx->seq == NULL) {
++        /* ctx was established using a newer enctype, and cannot process RFC
++         * 1964 tokens. */
++        *minor_status = 0;
++        return GSS_S_DEFECTIVE_TOKEN;
++    }
++
++    if ((bodysize < 22) || (ptr[4] != 0xff) || (ptr[5] != 0xff)) {
+         *minor_status = 0;
+         return GSS_S_DEFECTIVE_TOKEN;
+     }
+ 
++    signalg = ptr[0] + (ptr[1]<<8);
++    sealalg = ptr[2] + (ptr[3]<<8);
++
+     if ((toktype != KG_TOK_SEAL_MSG) &&
+         (sealalg != 0xffff)) {
+         *minor_status = 0;
+@@ -153,6 +160,11 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+         return GSS_S_DEFECTIVE_TOKEN;
+     }
+ 
++    if ((size_t)bodysize < 14 + cksum_len) {
++        *minor_status = 0;
++        return GSS_S_DEFECTIVE_TOKEN;
++    }
++
+     /* get the token parameters */
+ 
+     if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction,
+@@ -207,7 +219,20 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+         plainlen = tmsglen;
+ 
+         conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
+-        token.length = tmsglen - conflen - plain[tmsglen-1];
++        if (tmsglen < conflen) {
++            if (sealalg != 0xffff)
++                xfree(plain);
++            *minor_status = 0;
++            return(GSS_S_DEFECTIVE_TOKEN);
++        }
++        padlen = plain[tmsglen - 1];
++        if (tmsglen - conflen < padlen) {
++            /* Don't error out yet, to avoid padding oracle attacks.  We will
++             * treat this as a checksum failure later on. */
++            padlen = 0;
++            bad_pad = 1;
++        }
++        token.length = tmsglen - conflen - padlen;
+ 
+         if (token.length) {
+             if ((token.value = (void *) gssalloc_malloc(token.length)) == NULL) {
+@@ -403,7 +428,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+ 
+     /* compare the computed checksum against the transmitted checksum */
+ 
+-    if (code) {
++    if (code || bad_pad) {
+         if (toktype == KG_TOK_SEAL_MSG)
+             gssalloc_free(token.value);
+         *minor_status = 0;
+diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c
+index e34bda4..8d6a2da 100644
+--- a/src/lib/gssapi/krb5/k5unsealiov.c
++++ b/src/lib/gssapi/krb5/k5unsealiov.c
+@@ -69,7 +69,14 @@ kg_unseal_v1_iov(krb5_context context,
+         return GSS_S_DEFECTIVE_TOKEN;
+     }
+ 
+-    if (header->buffer.length < token_wrapper_len + 14) {
++    if (ctx->seq == NULL) {
++        /* ctx was established using a newer enctype, and cannot process RFC
++         * 1964 tokens. */
++        *minor_status = 0;
++        return GSS_S_DEFECTIVE_TOKEN;
++    }
++
++    if (header->buffer.length < token_wrapper_len + 22) {
+         *minor_status = 0;
+         return GSS_S_DEFECTIVE_TOKEN;
+     }
+-- 
+1.9.3
+