
Bug#989976: unblock: ntpsec/1.2.0+dfsg1-4



Subject: unblock: ntpsec/1.2.0+dfsg1-4
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package ntpsec

[ Reason ]
This is a targeted fix (specifically a backport of the upstream fix)
for Debian bug #989847 / CVE-2021-22212.

[ Impact ]
ntpkeygen can generate keys using the # character, which is then parsed
as a comment by ntpd, truncating the key.  This weakens security for
anyone generating keys using ntpkeygen.  In the worst case that would
still function, the key could be effectively truncated to a single
character (e.g. "X#...").

[ Tests ]
There are no automated tests covering this functionality.  I manually
tested ntpkeygen to ensure it still functions. (Also, I'm not getting
any keys with # in them, but even with the bug it wouldn't be guaranteed
to happen every time.)

[ Risks ]
The targeted fix touches only ntpkeygen.  If the change caused an
unforeseen problem, it would be limited to ntpkeygen, not the core ntpd
functionality.

The specific change is trivial, changing the starting point of the range
from 0x21 (!) to 0x24 ($).  This avoids 0x23 (#).  However, it differs
from the pre-bug version of this code in that it will not output
0x21 (!) or 0x22 (") either.

In the course of investigating this, I see that the pre-bug version used
random.randint(0x21, 0x7e) which is inclusive on the upper end, while the
new code uses 0x2[14] + secrets.randbelow(0x5d) which is exclusive on the
upper end.  Thus, the new code (both prior to and after the fix for this
CVE) will no longer use 0x7e (~).  This is arguably another bug.

Both of these slightly reduce the entropy, but I'm not sure how much it
matters:

Pre-bug: [0x21, 0x7e] excluding 0x23      => 0x5d choices per char
Bug:     [0x21, 0x7e) aka [0x21, 0x7d]    => 0x5d choices per char
Now:     [0x24, 0x7e) aka [0x24, 0x7d]    => 0x5a choices per char

I have emailed upstreams with these notes.  But, even if one considers
this small reduction in entropy a problem, having the current fix is
still much better than not having it.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
Upstream issue:
https://gitlab.com/NTPsec/ntpsec/-/issues/699

Upstream fix:
https://gitlab.com/NTPsec/ntpsec/-/commit/fc50a701faafe60f117473016868770df54a6444

Bug introduced:
https://gitlab.com/NTPsec/ntpsec/-/commit/974bcf02108f94a23eb619619e706b720aeb2ddd

unblock ntpsec/1.2.0+dfsg1-4

--
Richard
diff -Nru ntpsec-1.2.0+dfsg1/debian/changelog ntpsec-1.2.0+dfsg1/debian/changelog
--- ntpsec-1.2.0+dfsg1/debian/changelog	2021-01-20 20:36:38.000000000 -0600
+++ ntpsec-1.2.0+dfsg1/debian/changelog	2021-06-17 00:15:04.000000000 -0500
@@ -1,3 +1,9 @@
+ntpsec (1.2.0+dfsg1-4) unstable; urgency=medium
+
+  * ntpkeygen: Stop using # character: CVE-2021-22212 (Closes: 989847)
+
+ -- Richard Laager <rlaager@debian.org>  Thu, 17 Jun 2021 00:15:04 -0500
+
 ntpsec (1.2.0+dfsg1-3) unstable; urgency=medium
 
   * apparmor: allow openssl.cnf (Closes: 980508)
diff -Nru ntpsec-1.2.0+dfsg1/debian/patches/0001-Don-t-generate-into-ASCIIfied-keys.patch ntpsec-1.2.0+dfsg1/debian/patches/0001-Don-t-generate-into-ASCIIfied-keys.patch
--- ntpsec-1.2.0+dfsg1/debian/patches/0001-Don-t-generate-into-ASCIIfied-keys.patch	1969-12-31 18:00:00.000000000 -0600
+++ ntpsec-1.2.0+dfsg1/debian/patches/0001-Don-t-generate-into-ASCIIfied-keys.patch	2021-06-16 23:50:03.000000000 -0500
@@ -0,0 +1,36 @@
+From fc50a701faafe60f117473016868770df54a6444 Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Tue, 11 May 2021 08:10:10 -0400
+Subject: [PATCH] Don't generate # into ASCIIfied keys.
+
+---
+ ntpclients/ntpkeygen.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ntpclients/ntpkeygen.py b/ntpclients/ntpkeygen.py
+index 969be76a6..10d220f43 100644
+--- a/ntpclients/ntpkeygen.py
++++ b/ntpclients/ntpkeygen.py
+@@ -33,7 +33,8 @@ try:
+         if asciified:
+             result = ''
+             for index in range(bytes):
+-                result += chr(0x21 + secrets.randbelow(0x5d))
++                # Start ASCII characters with 0x24 so as not to include comment-beginning #
++                result += chr(0x24 + secrets.randbelow(0x5a))
+             return result
+         else:
+             return secrets.token_hex(bytes)
+@@ -43,7 +44,8 @@ except ImportError:
+         result = ''
+         if asciified:
+             for index in range(bytes):
+-                result += chr(random.randint(0x21, 0x7e))
++                # Start ASCII characters with 0x24 so as not to include comment-beginning #
++                result += chr(random.randint(0x24, 0x7e))
+         else:
+             for index in range(bytes):
+                 result += "%02x" % random.randint(0x0, 0xff)
+-- 
+2.25.1
+
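Review bot: the two branches of the backported patch still disagree on the upper end of the range: `chr(0x24 + secrets.randbelow(0x5a))` yields code points 0x24..0x7d, while the fallback `chr(random.randint(0x24, 0x7e))` is inclusive and can still emit 0x7e (~). This is the pre-existing off-by-one the request itself notes rather than something introduced here; if it is ever addressed, `secrets.randbelow(0x5b)` would make the secrets path match the fallback. Both branches now exclude 0x23 (#), which is the point of the fix, so this is not a blocker for the unblock.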
diff -Nru ntpsec-1.2.0+dfsg1/debian/patches/series ntpsec-1.2.0+dfsg1/debian/patches/series
--- ntpsec-1.2.0+dfsg1/debian/patches/series	2021-01-20 20:18:07.000000000 -0600
+++ ntpsec-1.2.0+dfsg1/debian/patches/series	2021-06-16 23:50:31.000000000 -0500
@@ -1,5 +1,6 @@
 # Accepted upstream
 0001-ntpviz-Fix-format-string.patch
+0001-Don-t-generate-into-ASCIIfied-keys.patch
 
 # Forwarded
 fix-the-libntpc-install-path.patch
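Review bot: the new series entry `0001-Don-t-generate-into-ASCIIfied-keys.patch` shares its `0001-` prefix with `0001-ntpviz-Fix-format-string.patch`. quilt applies patches in series order regardless of the prefix, so nothing breaks, but renumbering the new file (e.g. `0002-`) would avoid confusion as further upstream backports accumulate. Placing it under `# Accepted upstream` is consistent with the upstream commit cited in the request.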
