
Bug#1018246: marked as done (buster-pu: package freeradius/3.0.17+dfsg-1.1+deb10u1)



Your message dated Sat, 10 Sep 2022 13:40:55 +0100
with message-id <2cfc9645343bdb910fe19c07bddfec2c428346a3.camel@adam-barratt.org.uk>
and subject line Closing requests for updates included in 10.13
has caused the Debian Bug report #1018246,
regarding buster-pu: package freeradius/3.0.17+dfsg-1.1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1018246: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018246
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Debian FreeRADIUS Packaging Team <pkg-freeradius-maintainers@lists.alioth.debian.org>

  * CVE-2019-13456: side-channel leak where 1 in 2048 handshakes fail
  * CVE-2019-17185: DoS due to multithreaded BN_CTX access
  * Add upstream fix for a crash bug. (Closes: #992036)

This fixes 2 CVEs (both already fixed in bullseye) and a crash (#992036)
that has already been fixed in a bullseye point release.
diff -Nru freeradius-3.0.17+dfsg/debian/changelog freeradius-3.0.17+dfsg/debian/changelog
--- freeradius-3.0.17+dfsg/debian/changelog	2019-04-23 00:23:36.000000000 +0300
+++ freeradius-3.0.17+dfsg/debian/changelog	2022-08-27 22:29:38.000000000 +0300
@@ -1,3 +1,12 @@
+freeradius (3.0.17+dfsg-1.1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-13456: side-channel leak where 1 in 2048 handshakes fail
+  * CVE-2019-17185: DoS due to multithreaded BN_CTX access
+  * Add upstream fix for a crash bug. (Closes: #992036)
+
+ -- Adrian Bunk <bunk@debian.org>  Sat, 27 Aug 2022 22:29:38 +0300
+
 freeradius (3.0.17+dfsg-1.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nru freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-DoS-due-to-multithreaded-BN_CTX-access.patch freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-DoS-due-to-multithreaded-BN_CTX-access.patch
--- freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-DoS-due-to-multithreaded-BN_CTX-access.patch	1970-01-01 02:00:00.000000000 +0200
+++ freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-DoS-due-to-multithreaded-BN_CTX-access.patch	2022-08-27 22:27:54.000000000 +0300
@@ -0,0 +1,137 @@
+From 6b522f8780813726799e6b8cf0f1f8e0ce2c8ebf Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@nyu.edu>
+Date: Fri, 4 Oct 2019 17:53:52 +0400
+Subject: EAP-pwd: fix DoS due to multithreaded BN_CTX access
+
+The EAP-pwd module created one global OpenSSL BN_CTX instance, and
+used this instance in all incoming requests. This means that different
+threads used the same BN_CTX instance, which can result in a crash.
+An adversary can trigger these crashes by concurrently initiating
+multiple EAP-pwd handshakes from different clients.
+
+Fix this bug by creating a separate BN_CTX instance for each request.
+---
+ .../rlm_eap/types/rlm_eap_pwd/eap_pwd.h       |  1 +
+ .../rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c   | 24 +++++++++----------
+ .../rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h   |  2 --
+ 3 files changed, 13 insertions(+), 14 deletions(-)
+
+diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h
+index 013a6e7992..ca12778f61 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h
++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h
+@@ -90,6 +90,7 @@ typedef struct _pwd_session_t {
+     uint8_t *out;     /* message to fragment */
+     size_t out_pos;
+     size_t out_len;
++    BN_CTX *bnctx;
+     EC_GROUP *group;
+     EC_POINT *pwe;
+     BIGNUM *order;
+diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
+index 76cc57023e..eefca985d7 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
+@@ -55,8 +55,6 @@ static int mod_detach (void *arg)
+ 
+ 	inst = (eap_pwd_t *) arg;
+ 
+-	if (inst->bnctx) BN_CTX_free(inst->bnctx);
+-
+ 	return 0;
+ }
+ 
+@@ -76,11 +74,6 @@ static int mod_instantiate (CONF_SECTION *cs, void **instance)
+ 		return -1;
+ 	}
+ 
+-	if ((inst->bnctx = BN_CTX_new()) == NULL) {
+-		cf_log_err_cs(cs, "Failed to get BN context");
+-		return -1;
+-	}
+-
+ 	return 0;
+ }
+ 
+@@ -96,6 +89,7 @@ static int _free_pwd_session (pwd_session_t *session)
+ 	EC_POINT_clear_free(session->pwe);
+ 	BN_clear_free(session->order);
+ 	BN_clear_free(session->prime);
++	BN_CTX_free(session->bnctx);
+ 
+ 	return 0;
+ }
+@@ -217,6 +211,12 @@ static int mod_session_init (void *instance, eap_handler_t *handler)
+ 	session->order = NULL;
+ 	session->prime = NULL;
+ 
++	session->bnctx = BN_CTX_new();
++	if (session->bnctx == NULL) {
++		ERROR("rlm_eap_pwd: Failed to get BN context");
++		return 0;
++	}
++
+ 	/*
+ 	 *	The admin can dynamically change the MTU.
+ 	 */
+@@ -496,7 +496,7 @@ static int mod_process(void *arg, eap_handler_t *handler)
+ 		/*
+ 		 * compute our scalar and element
+ 		 */
+-		if (compute_scalar_element(session, inst->bnctx)) {
++		if (compute_scalar_element(session, session->bnctx)) {
+ 			DEBUG2("failed to compute server's scalar and element");
+ 			return 0;
+ 		}
+@@ -508,7 +508,7 @@ static int mod_process(void *arg, eap_handler_t *handler)
+ 		 * element is a point, get both coordinates: x and y
+ 		 */
+ 		if (!EC_POINT_get_affine_coordinates_GFp(session->group, session->my_element, x, y,
+-							 inst->bnctx)) {
++							 session->bnctx)) {
+ 			DEBUG2("server point assignment failed");
+ 			BN_clear_free(x);
+ 			BN_clear_free(y);
+@@ -552,7 +552,7 @@ static int mod_process(void *arg, eap_handler_t *handler)
+ 		/*
+ 		 * process the peer's commit and generate the shared key, k
+ 		 */
+-		if (process_peer_commit(session, in, in_len, inst->bnctx)) {
++		if (process_peer_commit(session, in, in_len, session->bnctx)) {
+ 			RDEBUG2("failed to process peer's commit");
+ 			return 0;
+ 		}
+@@ -560,7 +560,7 @@ static int mod_process(void *arg, eap_handler_t *handler)
+ 		/*
+ 		 * compute our confirm blob
+ 		 */
+-		if (compute_server_confirm(session, session->my_confirm, inst->bnctx)) {
++		if (compute_server_confirm(session, session->my_confirm, session->bnctx)) {
+ 			ERROR("rlm_eap_pwd: failed to compute confirm!");
+ 			return 0;
+ 		}
+@@ -591,7 +591,7 @@ static int mod_process(void *arg, eap_handler_t *handler)
+ 			RDEBUG2("pwd exchange is incorrect: not commit!");
+ 			return 0;
+ 		}
+-		if (compute_peer_confirm(session, peer_confirm, inst->bnctx)) {
++		if (compute_peer_confirm(session, peer_confirm, session->bnctx)) {
+ 			RDEBUG2("pwd exchange cannot compute peer's confirm");
+ 			return 0;
+ 		}
+diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h
+index 189530d066..2264566bb6 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h
++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h
+@@ -40,8 +40,6 @@
+ #include <freeradius-devel/modules.h>
+ 
+ typedef struct _eap_pwd_t {
+-    BN_CTX *bnctx;
+-
+     uint32_t	group;
+     uint32_t	fragment_size;
+     char const	*server_id;
+-- 
+2.30.2
+
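Review bot: The new failure path in mod_session_init, `if (session->bnctx == NULL) { ERROR(...); return 0; }`, returns after `session` has been allocated and its pointer fields nulled, but the hunk does not show whether `session` has already been attached to the handler with `_free_pwd_session` as its talloc destructor; if that attachment happens later in the function, this early return leaks the session. If it has already been attached the path is safe, since `_free_pwd_session` now calls `BN_CTX_free(session->bnctx)` and `BN_CTX_free(NULL)` is a no-op. The allocation deserves a why-comment so nobody moves it back to the instance: `/* Per-session BN_CTX: a BN_CTX shared across threads is not safe and crashed under concurrent EAP-pwd handshakes (CVE-2019-17185). Freed in _free_pwd_session. */`. mod_session_init's body starts and ends outside this hunk.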
diff -Nru freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-side-channel-leak-where-1-in-2018-handsh.patch freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-side-channel-leak-where-1-in-2018-handsh.patch
--- freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-side-channel-leak-where-1-in-2018-handsh.patch	1970-01-01 02:00:00.000000000 +0200
+++ freeradius-3.0.17+dfsg/debian/patches/0001-EAP-pwd-fix-side-channel-leak-where-1-in-2018-handsh.patch	2022-08-27 22:28:06.000000000 +0300
@@ -0,0 +1,40 @@
+From 3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
+Date: Wed, 5 Jun 2019 19:21:06 +0000
+Subject: EAP-pwd: fix side-channel leak where 1 in 2018 handshakes fail
+
+Previously the Hunting and Pecking algorithm of EAP-pwd aborted when
+more than 10 iterations are needed. Every iteration has a 50% chance
+of finding the password element. This means one in every 2048 handshakes
+will fail, in which case an error frame is sent to the client. This
+event leaks information that can be abused in an offline password
+brute-force attack. More precisely, the adversary learns that all 10
+iterations failed for the given random EAP-pwd token. Using the same
+techniques as in the Dragonblood attack, this can be used to brute-force
+the password.
+
+This patch fixes the above issue by executing enough iterations such that
+the password element is always found eventually.
+
+Note that timing and cache leaks remain a risk against the current
+implementation of EAP-pwd.
+---
+ src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
+index c54f08c030..d94851c3aa 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
+@@ -192,7 +192,7 @@ int compute_password_element (pwd_session_t *session, uint16_t grp_num,
+ 	}
+ 	ctr = 0;
+ 	while (1) {
+-		if (ctr > 10) {
++		if (ctr > 100) {
+ 			DEBUG("unable to find random point on curve for group %d, something's fishy", grp_num);
+ 			goto fail;
+ 		}
+-- 
+2.30.2
+
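Review bot: Raising the cap in `if (ctr > 100)` lowers the abort probability from roughly 2^-11 to roughly 2^-101, but the loop still exits as soon as a point is found, so the number of iterations a given token needed remains observable through response time; the commit message itself says timing and cache leaks remain, while the changelog entry presents CVE-2019-13456 as fixed without that caveat. The constant 100 should carry a comment: `/* p=1/2 per iteration: the old cap of 10 aborted ~1 in 2048 handshakes and the error frame leaked password information (CVE-2019-13456); 100 makes the abort practically unreachable, but the early exit is still a timing side channel. */`. The subject and patch file name say "1 in 2018" where the body says 2048; it is the upstream commit title, so harmless, but the series entry inherits the typo. compute_password_element starts and ends outside this hunk.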
diff -Nru freeradius-3.0.17+dfsg/debian/patches/allocate-from-the-request.diff freeradius-3.0.17+dfsg/debian/patches/allocate-from-the-request.diff
--- freeradius-3.0.17+dfsg/debian/patches/allocate-from-the-request.diff	1970-01-01 02:00:00.000000000 +0200
+++ freeradius-3.0.17+dfsg/debian/patches/allocate-from-the-request.diff	2022-08-27 22:25:46.000000000 +0300
@@ -0,0 +1,34 @@
+From 7875ca06d1e312f55107c5e369097c7cb5369b53 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Thu, 5 Aug 2021 11:22:12 -0400
+Subject: [PATCH] allocate from the request, which is thread-safe.  Helps with
+ #3188
+
+The "check" item is taken from the "huntgroups" file.  It's in
+a statically allocated list which doesn't change, and shouldn't
+change during run-time.  Allocating memory in its context is
+not thread-safe, and can cause issues
+---
+ src/main/pair.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/pair.c b/src/main/pair.c
+index 2f736d74cf7..3725ba1e10b 100644
+--- a/src/main/pair.c
++++ b/src/main/pair.c
+@@ -84,13 +84,13 @@ int radius_compare_vps(UNUSED REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *v
+ 		if (check->da->type == PW_TYPE_STRING) {
+ 			expr_p = check->vp_strvalue;
+ 		} else {
+-			expr_p = expr = vp_aprints_value(check, check, '\0');
++			expr_p = expr = vp_aprints_value(request, check, '\0');
+ 		}
+ 
+ 		if (vp->da->type == PW_TYPE_STRING) {
+ 			value_p = vp->vp_strvalue;
+ 		} else {
+-			value_p = value = vp_aprints_value(vp, vp, '\0');
++			value_p = value = vp_aprints_value(request, vp, '\0');
+ 		}
+ 
+ 		if (!expr_p || !value_p) {
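Review bot: `radius_compare_vps` still declares its first parameter `UNUSED REQUEST *request` (visible in the hunk header) while the two changed lines now pass `request` to `vp_aprints_value`, so the annotation is misleading and should be dropped from the signature, `int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp)`. It also matters whether any caller passes a NULL request: a NULL talloc context makes `expr`/`value` top-level allocations, which is only leak-free if the later release of those buffers (outside the hunk) is unconditional. A why-comment at the first changed line would keep the next maintainer from reverting it: `/* Allocate under the request, not under check: check comes from the shared huntgroups list and allocating in its context is not thread-safe. */`. The function starts and ends outside the hunk.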
diff -Nru freeradius-3.0.17+dfsg/debian/patches/series freeradius-3.0.17+dfsg/debian/patches/series
--- freeradius-3.0.17+dfsg/debian/patches/series	2019-04-23 00:23:36.000000000 +0300
+++ freeradius-3.0.17+dfsg/debian/patches/series	2022-08-27 22:29:25.000000000 +0300
@@ -10,3 +10,6 @@
 snakeoil-certs.diff
 CVE-2019-11234-1.patch
 CVE-2019-11234-2.patch
+0001-EAP-pwd-fix-DoS-due-to-multithreaded-BN_CTX-access.patch
+0001-EAP-pwd-fix-side-channel-leak-where-1-in-2018-handsh.patch
+allocate-from-the-request.diff

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.13

Hi,

Each of the updates referenced in these bugs was included in today's
10.13 point release.

Regards,

Adam

--- End Message ---
