The Samba-Bugzilla – Attachment 17609 Details for Bug 15103
CVE-2022-1615 [SECURITY] GnuTLS gnutls_rnd() can fail and give predictable random values
[patch]
Backport patch for 4.15
0001-util-genrand-don-t-ignore-errors-in-random-number-ge.patch (text/plain), 2.91 KB, created by David Mulder on 2022-11-01 19:18:23 UTC
>From 579f8db4e8d6a8b553caeba44e771ba21c6c7c12 Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Mon, 5 Aug 2019 00:10:53 +1200 >Subject: [PATCH] util/genrand: don't ignore errors in random number generation > >In this case it is probably better to crash out. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103 > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 9849e7440e30853c61a80ce1f11b7b244ed766fe) >--- > lib/util/genrand.c | 29 ++++++++++++++++++++++++++--- > lib/util/wscript_build | 2 +- > 2 files changed, 27 insertions(+), 4 deletions(-) > >diff --git a/lib/util/genrand.c b/lib/util/genrand.c >index 18ffa0d95e6..fd6f457d27d 100644 >--- a/lib/util/genrand.c >+++ b/lib/util/genrand.c >@@ -20,6 +20,7 @@ > */ > > #include "replace.h" >+#include "lib/util/fault.h" > #include "lib/util/genrand.h" > > #include <gnutls/gnutls.h> >@@ -31,10 +32,26 @@ > * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html > */ > >+ >+_NORETURN_ static void genrand_panic(int err, >+ const char *location, >+ const char *func) >+{ >+ char buf[200]; >+ snprintf(buf, sizeof(buf), >+ "%s:%s: GnuTLS could not generate a random buffer: %s [%d]\n", >+ location, func, gnutls_strerror_name(err), err); >+ smb_panic(buf); >+} >+ >+ > _PUBLIC_ void generate_random_buffer(uint8_t *out, int len) > { > /* Random number generator for temporary keys. */ >- gnutls_rnd(GNUTLS_RND_RANDOM, out, len); >+ int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len); >+ if (ret != 0) { >+ genrand_panic(ret, __location__, __func__); >+ } > } > > _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) 
>@@ -48,7 +65,10 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) > * the limit for a re-seed. For its re-seed it mixes mixes data obtained > * from the OS random device with the previous key. > */ >- gnutls_rnd(GNUTLS_RND_KEY, out, len); >+ int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len); >+ if (ret != 0) { >+ genrand_panic(ret, __location__, __func__); >+ } > } > > _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) >@@ -60,5 +80,8 @@ _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) > * bytes (typically few megabytes), or after few hours of operation > * without reaching the limit has passed. > */ >- gnutls_rnd(GNUTLS_RND_NONCE, out, len); >+ int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len); >+ if (ret != 0) { >+ genrand_panic(ret, __location__, __func__); >+ } > } >diff --git a/lib/util/wscript_build b/lib/util/wscript_build >index 839d3c2e2e9..5452b98cc08 100644 >--- a/lib/util/wscript_build >+++ b/lib/util/wscript_build >@@ -139,7 +139,7 @@ bld.SAMBA_LIBRARY('msghdr', > > bld.SAMBA_LIBRARY('genrand', > source='genrand.c', >- deps='replace gnutls', >+ deps='replace gnutls smb-panic', > local_include=False, > private_library=True) > >-- >2.37.2 >
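Review bot: in genrand_panic() (lib/util/genrand.c, the hunk at @@ -31,10 +32,26 @@), the result of gnutls_strerror_name(err) is passed straight to a %s conversion, but that function returns NULL for an error code GnuTLS does not recognise, and NULL for %s is undefined behaviour in snprintf(). Since this path only runs when the RNG has already failed, it should not rely on the libc being forgiving: guard the pointer with a fallback literal, or use gnutls_strerror(err), which always returns a string. The format string also ends in "\n" before being handed to smb_panic(); drop it unless the panic handler expects a terminated line. The doubled blank lines before and after the new function are a minor style nit.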
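Review bot: generate_random_buffer(), generate_secret_buffer() and generate_nonce_buffer() are _PUBLIC_ void functions that can now terminate the process, yet the diffstat shows only genrand.c and wscript_build changing, so nothing a caller reads documents the new behaviour. Please add a sentence to each function's comment (or to the declarations in genrand.h) saying that a gnutls_rnd() failure ends in smb_panic() and that the output buffer is never returned unfilled. The identical three-line "if (ret != 0)" block is repeated at all three call sites and could be a single static helper taking the gnutls_rnd level, which would keep the check from drifting if one site is edited later. Separately, len is an int at all three sites and reaches gnutls_rnd() without a sign check. The context comment in the generate_secret_buffer() hunk also reads "it mixes mixes data", which could be fixed while the file is being touched.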
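Review bot: the lib/util/wscript_build hunk changes deps for the genrand library from 'replace gnutls' to 'replace gnutls smb-panic', but the commit message does not mention the new link-time dependency. Since this is a backport to 4.15, confirm on that branch that smb-panic exists as a target under that name and that it does not depend on genrand, directly or through its own deps, because that would create a cycle. A line in the commit message noting the added dependency would help anyone bisecting a build failure later.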