authorDag-Erling Smørgrav <des@FreeBSD.org>2014-12-23 22:53:03 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2014-12-23 22:53:03 +0000
commiteec2228f5545242471ebda48e26e79eb85156ee5 (patch)
tree2a94c6b6551f656a353dd6ab147668e43ecde45c /contrib/ntp/ntpd/ntp_crypto.c
parente9e69dbafd7921c68a66e87702c0583a2be20823 (diff)
[SA-14:31] Fix multiple vulnerabilities in NTP suite.releng/9.1
[EN-14:13] Fix directory deletion issue in freebsd-update. Approved by: so
Notes
Notes: svn path=/releng/9.1/; revision=276155
Diffstat (limited to 'contrib/ntp/ntpd/ntp_crypto.c')
-rw-r--r--contrib/ntp/ntpd/ntp_crypto.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/contrib/ntp/ntpd/ntp_crypto.c b/contrib/ntp/ntpd/ntp_crypto.c
index cce95a8e1ea3..37427f4ee6c5 100644
--- a/contrib/ntp/ntpd/ntp_crypto.c
+++ b/contrib/ntp/ntpd/ntp_crypto.c
@@ -864,12 +864,24 @@ crypto_recv(
* errors.
*/
if (vallen == (u_int) EVP_PKEY_size(host_pkey)) {
- RSA_private_decrypt(vallen,
+ u_int32 *cookiebuf = malloc(
+ RSA_size(host_pkey->pkey.rsa));
+ if (cookiebuf == NULL) {
+ rval = XEVNT_CKY;
+ break;
+ }
+ if (RSA_private_decrypt(vallen,
(u_char *)ep->pkt,
- (u_char *)&temp32,
+ (u_char *)cookiebuf,
host_pkey->pkey.rsa,
- RSA_PKCS1_OAEP_PADDING);
- cookie = ntohl(temp32);
+ RSA_PKCS1_OAEP_PADDING) != 4) {
+ rval = XEVNT_CKY;
+ free(cookiebuf);
+ break;
+ } else {
+ cookie = ntohl(*cookiebuf);
+ free(cookiebuf);
+ }
} else {
rval = XEVNT_CKY;
break;
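Review bot: The decrypted cookie is left behind in freed heap memory, because both `free(cookiebuf);` calls in the added block release the buffer without clearing it; on the failure path it may hold partial plaintext as well. Clearing it first, e.g. `OPENSSL_cleanse(cookiebuf, RSA_size(host_pkey->pkey.rsa));` before each `free`, would limit that exposure. The literal `4` in the length check would read better as `sizeof(u_int32)`, which ties it to the `ntohl(*cookiebuf)` read. Mapping a failed decrypt and a wrong plaintext length to the same `XEVNT_CKY` is a good choice, since this path then does not distinguish the two cases for the peer. crypto_recv's body continues outside the hunk.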
@@ -3914,7 +3926,7 @@ crypto_setup(void)
rand_file);
exit (-1);
}
- get_systime(&seed);
+ arc4random_buf(&seed, sizeof(l_fp));
RAND_seed(&seed, sizeof(l_fp));
RAND_write_file(rand_file);
OpenSSL_add_all_algorithms();
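Review bot: Only `sizeof(l_fp)` bytes are drawn for the seed, presumably 64 bits if l_fp is the NTP timestamp type (its definition is not in the hunk), which is thin for a pool that is then persisted with `RAND_write_file(rand_file)`. A dedicated buffer such as `u_char rnd[32]; arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd));` would decouple the seed size from the timestamp type. If `seed` is kept, `sizeof(seed)` is safer than repeating the type name in both calls. The return value of `RAND_write_file` is not checked in the visible lines. crypto_setup's body continues outside the hunk.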