try to fix CVE-2009-0021 (incorrect check of EVP_VerifyFinal()'s

return value)
(This is not an official patch and is possibly incomplete.)
drochner 2009-01-08 14:50:56 +00:00
parent bf744d30ef
commit bba265ee2d
1 changed files with 2 additions and 2 deletions


@ -1,4 +1,4 @@
/* $NetBSD: ntp_crypto.c,v 1.13 2007/07/06 21:19:33 kardel Exp $ */
/* $NetBSD: ntp_crypto.c,v 1.14 2009/01/08 14:50:56 drochner Exp $ */
/*
* ntp_crypto.c - NTP version 4 public key routines
@ -1614,7 +1614,7 @@ crypto_verify(
*/
EVP_VerifyInit(&ctx, peer->digest);
EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
if (!EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey))
if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0)
return (XEVNT_SIG);
if (peer->crypto & CRYPTO_FLAG_VRFY) {
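Review bot: The return values of `EVP_VerifyInit()` and `EVP_VerifyUpdate()` on the two lines above the corrected check are still discarded, so a failure while setting up or feeding the digest is only caught if it also makes `EVP_VerifyFinal()` fail. OpenSSL documents both as returning 1 on success and 0 on failure, so each could be guarded with the same error code, e.g. `if (EVP_VerifyInit(&ctx, peer->digest) != 1) return (XEVNT_SIG);`. A short comment above the final check, such as `/* EVP_VerifyFinal: 1 = valid, 0 = bad signature, -1 = error; only 1 is success */`, would record why the `!` test was wrong, and comparing with `!= 1` states that intent more directly than `<= 0`. The description says the patch may be incomplete and only this one call site is visible, so other signature or certificate verification calls in the file that share this return convention presumably need the same audit; crypto_verify() starts and ends outside the hunk.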