
Gcrypt fix #142

Merged: 2 commits merged into ClusterLabs:main from the gcrypt-fix branch, Jun 6, 2024

Conversation

jfriesse (Member) commented Jun 6, 2024

Fix reading of server_reply. Also properly check result of gcry_md_get_algo_dlen.

These two patches fix CVE-2024-3049.

Already preapproved by @clumens

Commit 1:

read_server_reply first reads the boothc header and then the rest of the packet,
which contains the hmac info. This should go in memory right after
boothc_header and not after the full length of the packet, because the full length
of the packet already contains the hmac info.

The solution is to simply use the length of the header and not the length of the packet.

A longer-term and better solution would be to drop read_server_reply
completely and use recv_auth, which is used for everything else but attr
set and delete.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>

Commit 2:

When an unknown hash is passed to gcry_md_get_algo_dlen, 0 is returned. This
value is then used for memcmp, so a wrong hmac might be accepted as
correct.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
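The two defects the commit messages above describe, reduced to a stand-alone C model. This is an added example, not booth's code: `struct boothc_header` is a constructed two-field stand-in (only its `length` field matters), the algorithm ids are hypothetical, and `sim_md_get_algo_dlen` is a stub that mimics the documented behaviour of libgcrypt's `gcry_md_get_algo_dlen` (digest length in bytes, 0 for an unknown algorithm) so the file compiles without libgcrypt. The constant-time comparison in the fixed HMAC check is a defensive extra, not part of the booth fix itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for booth's packet header; the real boothc_header
 * has more fields, but only "length" (total packet length, HMAC block
 * included) matters for this example. */
struct boothc_header {
    uint32_t magic;
    uint32_t length;
};

/* Hypothetical algorithm ids, used only in this example. */
enum { ALGO_UNKNOWN = 0, ALGO_SHA1 = 1, ALGO_SHA256 = 2 };

/* Stub mimicking gcry_md_get_algo_dlen(): digest length in bytes,
 * 0 when the algorithm is not known to the library. */
static size_t sim_md_get_algo_dlen(int algo)
{
    switch (algo) {
    case ALGO_SHA1:   return 20;
    case ALGO_SHA256: return 32;
    default:          return 0;
    }
}

/* Defect 1: where in the receive buffer the bytes after the header (the
 * HMAC block) are stored. The header has already been read, so the tail
 * belongs right behind it; using hdr->length as the offset skips past
 * the whole packet, including the HMAC that is still to be read. */
static size_t tail_offset_before_fix(const struct boothc_header *hdr)
{
    return hdr->length;
}

static size_t tail_offset_after_fix(const struct boothc_header *hdr)
{
    (void)hdr;
    return sizeof(*hdr);
}

/* 1 if writing tail_len bytes at offset stays inside a buf_size buffer. */
static int tail_fits(size_t offset, size_t tail_len, size_t buf_size)
{
    return offset <= buf_size && tail_len <= buf_size - offset;
}

/* Defect 2: a zero digest length makes memcmp() compare nothing and
 * report equality, so any received HMAC passes the check. */
static int hmac_ok_before_fix(int algo, const unsigned char *expected,
                              const unsigned char *received)
{
    size_t dlen = sim_md_get_algo_dlen(algo);
    return memcmp(expected, received, dlen) == 0;
}

/* Reject an unknown algorithm outright; the loop compares in constant
 * time, a defensive extra that is not part of the booth fix itself. */
static int hmac_ok_after_fix(int algo, const unsigned char *expected,
                             const unsigned char *received)
{
    size_t dlen = sim_md_get_algo_dlen(algo);
    unsigned char diff = 0;
    if (dlen == 0)
        return 0;
    for (size_t i = 0; i < dlen; i++)
        diff |= expected[i] ^ received[i];
    return diff == 0;
}

/* Constructed sample digests: the "correct" one and a forged one. */
static const unsigned char sample_hmac_good[32]   = { 0x11, 0x22, 0x33 };
static const unsigned char sample_hmac_forged[32] = { 0xde, 0xad, 0xbe };

/* Constructed header for a packet made of the header plus a 20-byte HMAC,
 * and a receive buffer sized exactly for that packet. */
#define SAMPLE_HMAC_LEN 20
#define SAMPLE_BUF_SIZE (sizeof(struct boothc_header) + SAMPLE_HMAC_LEN)
static const struct boothc_header sample_hdr = { 0x626f6f74u, SAMPLE_BUF_SIZE };

int main(void)
{
    printf("tail at offset %zu fits: %d (before fix)\n",
           tail_offset_before_fix(&sample_hdr),
           tail_fits(tail_offset_before_fix(&sample_hdr), SAMPLE_HMAC_LEN, SAMPLE_BUF_SIZE));
    printf("tail at offset %zu fits: %d (after fix)\n",
           tail_offset_after_fix(&sample_hdr),
           tail_fits(tail_offset_after_fix(&sample_hdr), SAMPLE_HMAC_LEN, SAMPLE_BUF_SIZE));
    printf("unknown algo, forged hmac accepted: before fix %d, after fix %d\n",
           hmac_ok_before_fix(ALGO_UNKNOWN, sample_hmac_good, sample_hmac_forged),
           hmac_ok_after_fix(ALGO_UNKNOWN, sample_hmac_good, sample_hmac_forged));
    return 0;
}
```

The model shows why both fixes matter independently: with the buggy offset the tail write lands outside a buffer sized for the packet, and with a zero digest length the comparison succeeds for any bytes at all, so the check on `dlen` has to come before `memcmp` rather than being left to it.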
jfriesse merged commit 2f27130 into ClusterLabs:main on Jun 6, 2024.
jfriesse deleted the gcrypt-fix branch on June 7, 2024 05:57.