Thu Jan 8 14:49:46 2009 UTC ()
try to fix CVE-2009-0025 (incorrect check of DSA_do_verify()'s
return value
(This is not an official patch and possible incomplete.)


(drochner)
diff -r1.1.1.3 -r1.2 src/dist/bind/lib/dns/openssldsa_link.c
cvs diff -r1.1.1.3 -r1.2 src/dist/bind/lib/dns/Attic/openssldsa_link.c (expand / switch to unified diff)

--- src/dist/bind/lib/dns/Attic/openssldsa_link.c 2008/06/21 18:31:44 1.1.1.3
+++ src/dist/bind/lib/dns/Attic/openssldsa_link.c 2009/01/08 14:49:46 1.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: openssldsa_link.c,v 1.1.1.3 2008/06/21 18:31:44 christos Exp $ */ 1/* $NetBSD: openssldsa_link.c,v 1.2 2009/01/08 14:49:46 drochner Exp $ */
2 2
3/* 3/*
4 * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") 4 * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
5 * Portions Copyright (C) 1999-2002 Internet Software Consortium. 5 * Portions Copyright (C) 1999-2002 Internet Software Consortium.
6 * 6 *
7 * Permission to use, copy, modify, and/or distribute this software for any 7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above 8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies. 9 * copyright notice and this permission notice appear in all copies.
10 * 10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS 11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
12 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
13 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE 13 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
14 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
@@ -138,27 +138,27 @@ openssldsa_verify(dst_context_t *dctx, c @@ -138,27 +138,27 @@ openssldsa_verify(dst_context_t *dctx, c
138 138
139 if (sig->length < 2 * ISC_SHA1_DIGESTLENGTH + 1) 139 if (sig->length < 2 * ISC_SHA1_DIGESTLENGTH + 1)
140 return (DST_R_VERIFYFAILURE); 140 return (DST_R_VERIFYFAILURE);
141 141
142 cp++; /*%< Skip T */ 142 cp++; /*%< Skip T */
143 dsasig = DSA_SIG_new(); 143 dsasig = DSA_SIG_new();
144 dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); 144 dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
145 cp += ISC_SHA1_DIGESTLENGTH; 145 cp += ISC_SHA1_DIGESTLENGTH;
146 dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); 146 dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
147 cp += ISC_SHA1_DIGESTLENGTH; 147 cp += ISC_SHA1_DIGESTLENGTH;
148 148
149 status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa); 149 status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
150 DSA_SIG_free(dsasig); 150 DSA_SIG_free(dsasig);
151 if (status == 0) 151 if (status <= 0)
152 return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); 152 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
153 153
154 return (ISC_R_SUCCESS); 154 return (ISC_R_SUCCESS);
155} 155}
156 156
157static isc_boolean_t 157static isc_boolean_t
158openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) { 158openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
159 int status; 159 int status;
160 DSA *dsa1, *dsa2; 160 DSA *dsa1, *dsa2;
161 161
162 dsa1 = key1->keydata.dsa; 162 dsa1 = key1->keydata.dsa;
163 dsa2 = key2->keydata.dsa; 163 dsa2 = key2->keydata.dsa;
164 164