[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: golang-go.crypto / CVE-2019-11841

Hi Brian

Looking at the code and your email I have some concerns.

Isn't the header part of the "signed" argument? If it is not, then there is no point of checking it since you can then just change the header anyway. If it is part of the signed message it is possible for the function to decode it and check it.

Do the calling application need to do the check, can't CheckDetachedSignature do it?

Or have I missed something?

// Ola

On Thu, 10 Sep 2020 at 01:33, Brian May <bam@debian.org> wrote:
Ola Lundqvist <ola@inguza.com> writes:

> Do we have an idea on how a good patch would look like?

OK, I think a patch may not be as simple as I hoped.

CheckDetachedSignature() is where we decode the packet and determine the
hash function used.

But this function is not supplied the headers so it cannot check the
headers. And this function doesn't return the hashFunc used either, so
the calling function cannot check the headers.

Plus the hashFunc is an integer it needs to be decoded into a string -
there is a private function - nameOfHash - that does this.

So some sort of API change is required I think.

I am a bit disappointed actually that the CheckDetachedSignature()
doesn't return the hash used. It means that the calling application only
has access to the insecure value that cannot be trusted.
Brian May <bam@debian.org>

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: