Re: ntp security update
On Mon, Oct 26, 2015 at 06:55:06AM +0900, Ben Hutchings wrote:
> On Sun, 2015-10-25 at 22:45 +0100, Kurt Roeckx wrote:
> > On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote:
> [...]
> > > > While I have additional patches for:
> > > > CVE-2014-9750.patch (it was missing 1 patch while it was fixed it
> > > > seems)
> > >
> > > Which is split from CVE-2014-9297.
> >
> > From what I understand CVE-2014-9297 was changed to CVE-2014-9750
> > and CVE-2014-9298 to CVE-2014-9751 because someone mixed them up.
> > There is nothing split.
> >
> > In any case, there is a patch missing.
>
> OK, which one is that? I looked through the upstream commits for bug
> 2671 and they all seemed to have been included in CVE-2014-9297.patch.
*look confused*
At some point 348fc9fa390c7894f589104fbca4d635868b7a45 was
missing.
But Red Hat has a diff that looks like:
--- ntp_crypto.c
+++ ntp_crypto.c
@@ -1575,6 +1575,7 @@
EVP_MD_CTX ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
u_int32 temp32;
+ u_char *puch;
/*
* Extract the public key from the request.
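Review bot: the new "u_char *puch;" local at the end of the declarations has no comment, while the declarations above it are annotated ("/* signature context */", "/* NTP timestamp */"). Add one saying it is the destination buffer for the encrypted cookie, which is how the second hunk uses it, and consider a more descriptive name. The visible lines also do not show whether "ptr" keeps another use in this function; if it does not, its declaration should be dropped so it does not become an unused variable.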
@@ -1596,9 +1597,9 @@
vallen = EVP_PKEY_size(pkey);
vp->vallen = htonl(vallen);
vp->ptr = emalloc(vallen);
- ptr = vp->ptr;
+ puch = vp->ptr;
temp32 = htonl(*cookie);
- if (RSA_public_encrypt(4, (u_char *)&temp32, ptr,
+ if (RSA_public_encrypt(4, (u_char *)&temp32, puch,
pkey->pkey.rsa, RSA_PKCS1_OAEP_PADDING) <= 0) {
msyslog(LOG_ERR, "crypto_encrypt: %s",
ERR_error_string(ERR_get_error(), NULL));
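Review bot: "puch = vp->ptr;" assigns without a cast, and the declared type of vp->ptr is not visible in this hunk. If it is not "u_char *", add an explicit cast so the assignment does not rely on an implicit pointer conversion. In the visible lines the only change is which local is passed as the output argument of RSA_public_encrypt(); the buffer is still allocated with "emalloc(vallen)" where vallen comes from EVP_PKEY_size(pkey), so the patch description should say whether this is a type cleanup or is meant to change behaviour. The error branch shown (return value <= 0) logs via msyslog() but the hunk ends before showing whether vp->ptr is freed and vp->vallen reset there, which is worth confirming against the full function.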
(Didn't look at what that does yet, looks like part of a change of
a much older commit.)
Kurt