Commit 910e54f78be43dac636e1e6437f278c2cb12fa4f - freeradius

Import upstream patches for CVE-2019-11234 / CVE-2019-11235 Closes: #926958 Bernhard Schmidt 5 years ago

4 changed file(s) with 101 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all

-0

debian/changelog less more

	0	freeradius (3.0.17+dfsg-1.1) unstable; urgency=high
	1
	2	* Non-maintainer upload.
	3	* Cherry-Pick upstream commits to fix CVE-2019-11234 / CVE-2019-11235 /
	4	VU#871675 (Invalid Curve Attack and Reflection Attack on EAP-PWD, leading
	5	to authentication bypass) (Closes: #926958)
	6
	7	-- Bernhard Schmidt <berni@debian.org> Mon, 22 Apr 2019 23:23:36 +0200
	8
0	9	freeradius (3.0.17+dfsg-1) unstable; urgency=medium
1	10
2	11	* stop using pristine-tar

+59

-0

debian/patches/CVE-2019-11234-1.patch less more

	0	From 85497b5ff37ccb656895b826b88585898c209586 Mon Sep 17 00:00:00 2001
	1	From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
	2	Date: Tue, 9 Apr 2019 15:17:19 -0400
	3	Subject: [PATCH] When processing an EAP-pwd Commit frame, the peer's scalar
	4	and elliptic curve point were not validated. This allowed an adversary to
	5	bypass authentication, and impersonate any user.
	6
	7	Fix this vulnerability by assuring the received scalar lies within the valid
	8	range, and by checking that the received element is not the point at infinity
	9	and lies on the elliptic curve being used.
	10	---
	11	.../rlm_eap/types/rlm_eap_pwd/eap_pwd.c \| 22 +++++++++++++++++++
	12	1 file changed, 22 insertions(+)
	13
	14	diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	15	index 7f91e4b230..848ca2055e 100644
	16	--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	17	+++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	18	@@ -373,11 +373,26 @@ int process_peer_commit (pwd_session_t session, uint8_t in, size_t in_len, BN_
	19	data_len = BN_num_bytes(session->order);
	20	BN_bin2bn(ptr, data_len, session->peer_scalar);
	21
	22	+ /* validate received scalar */
	23	+ if (BN_is_zero(session->peer_scalar) \|\|
	24	+ BN_is_one(session->peer_scalar) \|\|
	25	+ BN_cmp(session->peer_scalar, session->order) >= 0) {
	26	+ ERROR("Peer's scalar is not within the allowed range");
	27	+ goto finish;
	28	+ }
	29	+
	30	if (!EC_POINT_set_affine_coordinates_GFp(session->group, session->peer_element, x, y, bnctx)) {
	31	DEBUG2("pwd: unable to get coordinates of peer's element");
	32	goto finish;
	33	}
	34
	35	+ /* validate received element */
	36	+ if (!EC_POINT_is_on_curve(session->group, session->peer_element, bn_ctx) \|\|
	37	+ EC_POINT_is_at_infinity(session->group, session->peer_element)) {
	38	+ ERROR("Peer's element is not a point on the elliptic curve");
	39	+ goto finish;
	40	+ }
	41	+
	42	/* check to ensure peer's element is not in a small sub-group */
	43	if (BN_cmp(cofactor, BN_value_one())) {
	44	if (!EC_POINT_mul(session->group, point, NULL, session->peer_element, cofactor, NULL)) {
	45	@@ -391,6 +406,13 @@ int process_peer_commit (pwd_session_t session, uint8_t in, size_t in_len, BN_
	46	}
	47	}
	48
	49	+ /* detect reflection attacks */
	50	+ if (BN_cmp(session->peer_scalar, session->my_scalar) == 0 \|\|
	51	+ EC_POINT_cmp(session->group, session->peer_element, session->my_element, bn_ctx) == 0) {
	52	+ ERROR("Reflection attack detected");
	53	+ goto finish;
	54	+ }
	55	+
	56	/* compute the shared key, k */
	57	if ((!EC_POINT_mul(session->group, K, NULL, session->pwe, session->peer_scalar, bnctx)) \|\|
	58	(!EC_POINT_add(session->group, K, K, session->peer_element, bnctx)) \|\|

+31

-0

debian/patches/CVE-2019-11234-2.patch less more

	0	From ab4c767099f263a7cd4109bcdca80ee74210a769 Mon Sep 17 00:00:00 2001
	1	From: Matthew Newton <matthew-git@newtoncomputing.co.uk>
	2	Date: Wed, 10 Apr 2019 10:11:23 +0100
	3	Subject: [PATCH] fix incorrectly named variable
	4
	5	---
	6	src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c \| 4 ++--
	7	1 file changed, 2 insertions(+), 2 deletions(-)
	8
	9	diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	10	index 848ca2055e..c54f08c030 100644
	11	--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	12	+++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	13	@@ -387,7 +387,7 @@ int process_peer_commit (pwd_session_t session, uint8_t in, size_t in_len, BN_
	14	}
	15
	16	/* validate received element */
	17	- if (!EC_POINT_is_on_curve(session->group, session->peer_element, bn_ctx) \|\|
	18	+ if (!EC_POINT_is_on_curve(session->group, session->peer_element, bnctx) \|\|
	19	EC_POINT_is_at_infinity(session->group, session->peer_element)) {
	20	ERROR("Peer's element is not a point on the elliptic curve");
	21	goto finish;
	22	@@ -408,7 +408,7 @@ int process_peer_commit (pwd_session_t session, uint8_t in, size_t in_len, BN_
	23
	24	/* detect reflection attacks */
	25	if (BN_cmp(session->peer_scalar, session->my_scalar) == 0 \|\|
	26	- EC_POINT_cmp(session->group, session->peer_element, session->my_element, bn_ctx) == 0) {
	27	+ EC_POINT_cmp(session->group, session->peer_element, session->my_element, bnctx) == 0) {
	28	ERROR("Reflection attack detected");
	29	goto finish;
	30	}

-0

debian/patches/series less more

7	7	dont-install-tests.diff
8	8	mkdirp.diff
9	9	snakeoil-certs.diff
	10	CVE-2019-11234-1.patch
	11	CVE-2019-11234-2.patch