From owner-svn-src-releng@freebsd.org Wed Sep 2 20:07:07 2015 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4FA8F9C982D; Wed, 2 Sep 2015 20:07:07 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3E98FA73; Wed, 2 Sep 2015 20:07:07 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t82K77VZ003860; Wed, 2 Sep 2015 20:07:07 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t82K74P8003849; Wed, 2 Sep 2015 20:07:04 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201509022007.t82K74P8003849@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 2 Sep 2015 20:07:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r287410 - in releng/9.3: . contrib/bind9/lib/dns contrib/bind9/lib/dns/include/dst sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 20:07:07 -0000 Author: delphij Date: Wed Sep 2 20:07:03 2015 New Revision: 287410 URL: https://svnweb.freebsd.org/changeset/base/287410 Log: Fix remote denial of service vulnerability when parsing malformed key. Security: CVE-2015-5722 Security: FreeBSD-SA-15:23.bind Approved by: so Modified: releng/9.3/UPDATING releng/9.3/contrib/bind9/lib/dns/hmac_link.c releng/9.3/contrib/bind9/lib/dns/include/dst/dst.h releng/9.3/contrib/bind9/lib/dns/ncache.c releng/9.3/contrib/bind9/lib/dns/openssldh_link.c releng/9.3/contrib/bind9/lib/dns/openssldsa_link.c releng/9.3/contrib/bind9/lib/dns/opensslecdsa_link.c releng/9.3/contrib/bind9/lib/dns/opensslrsa_link.c releng/9.3/contrib/bind9/lib/dns/resolver.c releng/9.3/sys/conf/newvers.sh Modified: releng/9.3/UPDATING ============================================================================== --- releng/9.3/UPDATING Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/UPDATING Wed Sep 2 20:07:03 2015 (r287410) @@ -11,6 +11,10 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20150902: p25 FreeBSD-SA-15:23.bind + + Fix BIND remote denial of service vulnerability. [SA-15:23] + 20150825: p24 FreeBSD-SA-15:21.amd64 FreeBSD-SA-15:22.openssh FreeBSD-EN-15:15.pkg Modified: releng/9.3/contrib/bind9/lib/dns/hmac_link.c ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/hmac_link.c Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/hmac_link.c Wed Sep 2 20:07:03 2015 (r287410) @@ -76,7 +76,7 @@ hmacmd5_createctx(dst_key_t *key, dst_co hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t)); if (hmacmd5ctx == NULL) return (ISC_R_NOMEMORY); - isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH); + isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH); dctx->ctxdata.hmacmd5ctx = hmacmd5ctx; return (ISC_R_SUCCESS); } @@ -139,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, c else if (hkey1 == NULL || hkey2 == NULL) return (ISC_FALSE); - if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH)) + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH)) return (ISC_TRUE); else return (ISC_FALSE); @@ -150,17 +150,17 @@ hmacmd5_generate(dst_key_t *key, int pse isc_buffer_t b; isc_result_t ret; unsigned int bytes; - unsigned char data[ISC_SHA1_BLOCK_LENGTH]; + unsigned char data[ISC_MD5_BLOCK_LENGTH]; UNUSED(callback); bytes = (key->key_size + 7) / 8; - if (bytes > ISC_SHA1_BLOCK_LENGTH) { - bytes = ISC_SHA1_BLOCK_LENGTH; - key->key_size = ISC_SHA1_BLOCK_LENGTH * 8; + if (bytes > ISC_MD5_BLOCK_LENGTH) { + bytes = ISC_MD5_BLOCK_LENGTH; + key->key_size = ISC_MD5_BLOCK_LENGTH * 8; } - memset(data, 0, ISC_SHA1_BLOCK_LENGTH); + memset(data, 0, ISC_MD5_BLOCK_LENGTH); ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); if (ret != ISC_R_SUCCESS) @@ -169,7 +169,7 @@ hmacmd5_generate(dst_key_t *key, int pse isc_buffer_init(&b, data, bytes); isc_buffer_add(&b, bytes); ret = hmacmd5_fromdns(key, &b); - memset(data, 0, ISC_SHA1_BLOCK_LENGTH); + memset(data, 0, ISC_MD5_BLOCK_LENGTH); return (ret); } @@ -223,7 +223,7 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff memset(hkey->key, 0, sizeof(hkey->key)); - if (r.length > ISC_SHA1_BLOCK_LENGTH) { + if (r.length > ISC_MD5_BLOCK_LENGTH) { isc_md5_init(&md5ctx); isc_md5_update(&md5ctx, r.base, r.length); isc_md5_final(&md5ctx, hkey->key); @@ -236,6 +236,8 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff key->key_size = keylen * 8; key->keydata.hmacmd5 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -512,6 +514,8 @@ hmacsha1_fromdns(dst_key_t *key, isc_buf key->key_size = keylen * 8; key->keydata.hmacsha1 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -790,6 +794,8 @@ hmacsha224_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha224 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -1068,6 +1074,8 @@ hmacsha256_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha256 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -1346,6 +1354,8 @@ hmacsha384_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha384 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } @@ -1624,6 +1634,8 @@ hmacsha512_fromdns(dst_key_t *key, isc_b key->key_size = keylen * 8; key->keydata.hmacsha512 = hkey; + isc_buffer_forward(data, r.length); + return (ISC_R_SUCCESS); } Modified: releng/9.3/contrib/bind9/lib/dns/include/dst/dst.h ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/include/dst/dst.h Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/include/dst/dst.h Wed Sep 2 20:07:03 2015 (r287410) @@ -69,6 +69,7 @@ typedef struct dst_context dst_context_ #define DST_ALG_HMACSHA256 163 /* XXXMPA */ #define DST_ALG_HMACSHA384 164 /* XXXMPA */ #define DST_ALG_HMACSHA512 165 /* XXXMPA */ +#define DST_ALG_INDIRECT 252 #define DST_ALG_PRIVATE 254 #define DST_ALG_EXPAND 255 #define DST_MAX_ALGS 255 Modified: releng/9.3/contrib/bind9/lib/dns/ncache.c ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/ncache.c Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/ncache.c Wed Sep 2 20:07:03 2015 (r287410) @@ -614,13 +614,11 @@ dns_ncache_getsigrdataset(dns_rdataset_t dns_name_fromregion(&tname, &remaining); INSIST(remaining.length >= tname.length); isc_buffer_forward(&source, tname.length); - remaining.length -= tname.length; - remaining.base += tname.length; + isc_region_consume(&remaining, tname.length); INSIST(remaining.length >= 2); type = isc_buffer_getuint16(&source); - remaining.length -= 2; - remaining.base += 2; + isc_region_consume(&remaining, 2); if (type != dns_rdatatype_rrsig || !dns_name_equal(&tname, name)) { @@ -632,8 +630,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t INSIST(remaining.length >= 1); trust = isc_buffer_getuint8(&source); INSIST(trust <= dns_trust_ultimate); - remaining.length -= 1; - remaining.base += 1; + isc_region_consume(&remaining, 1); raw = remaining.base; count = raw[0] * 256 + raw[1]; Modified: releng/9.3/contrib/bind9/lib/dns/openssldh_link.c ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/openssldh_link.c Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/openssldh_link.c Wed Sep 2 20:07:03 2015 (r287410) @@ -266,8 +266,10 @@ openssldh_destroy(dst_key_t *key) { static void uint16_toregion(isc_uint16_t val, isc_region_t *region) { - *region->base++ = (val & 0xff00) >> 8; - *region->base++ = (val & 0x00ff); + *region->base = (val & 0xff00) >> 8; + isc_region_consume(region, 1); + *region->base = (val & 0x00ff); + isc_region_consume(region, 1); } static isc_uint16_t @@ -278,7 +280,8 @@ uint16_fromregion(isc_region_t *region) val = ((unsigned int)(cp[0])) << 8; val |= ((unsigned int)(cp[1])); - region->base += 2; + isc_region_consume(region, 2); + return (val); } @@ -319,16 +322,16 @@ openssldh_todns(const dst_key_t *key, is } else BN_bn2bin(dh->p, r.base); - r.base += plen; + isc_region_consume(&r, plen); uint16_toregion(glen, &r); if (glen > 0) BN_bn2bin(dh->g, r.base); - r.base += glen; + isc_region_consume(&r, glen); uint16_toregion(publen, &r); BN_bn2bin(dh->pub_key, r.base); - r.base += publen; + isc_region_consume(&r, publen); isc_buffer_add(data, dnslen); @@ -369,10 +372,12 @@ openssldh_fromdns(dst_key_t *key, isc_bu return (DST_R_INVALIDPUBLICKEY); } if (plen == 1 || plen == 2) { - if (plen == 1) - special = *r.base++; - else + if (plen == 1) { + special = *r.base; + isc_region_consume(&r, 1); + } else { special = uint16_fromregion(&r); + } switch (special) { case 1: dh->p = &bn768; @@ -387,10 +392,9 @@ openssldh_fromdns(dst_key_t *key, isc_bu DH_free(dh); return (DST_R_INVALIDPUBLICKEY); } - } - else { + } else { dh->p = BN_bin2bn(r.base, plen, NULL); - r.base += plen; + isc_region_consume(&r, plen); } /* @@ -421,15 +425,14 @@ openssldh_fromdns(dst_key_t *key, isc_bu return (DST_R_INVALIDPUBLICKEY); } } - } - else { + } else { if (glen == 0) { DH_free(dh); return (DST_R_INVALIDPUBLICKEY); } dh->g = BN_bin2bn(r.base, glen, NULL); } - r.base += glen; + isc_region_consume(&r, glen); if (r.length < 2) { DH_free(dh); @@ -441,7 +444,7 @@ openssldh_fromdns(dst_key_t *key, isc_bu return (DST_R_INVALIDPUBLICKEY); } dh->pub_key = BN_bin2bn(r.base, publen, NULL); - r.base += publen; + isc_region_consume(&r, publen); key->key_size = BN_num_bits(dh->p); Modified: releng/9.3/contrib/bind9/lib/dns/openssldsa_link.c ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/openssldsa_link.c Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/openssldsa_link.c Wed Sep 2 20:07:03 2015 (r287410) @@ -29,8 +29,6 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - #ifdef OPENSSL #ifndef USE_EVP #define USE_EVP 1 @@ -137,6 +135,7 @@ openssldsa_sign(dst_context_t *dctx, isc DSA *dsa = key->keydata.dsa; isc_region_t r; DSA_SIG *dsasig; + unsigned int klen; #if USE_EVP EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_PKEY *pkey; @@ -188,6 +187,7 @@ openssldsa_sign(dst_context_t *dctx, isc ISC_R_FAILURE)); } free(sigbuf); + #elif 0 /* Only use EVP for the Digest */ if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { @@ -209,11 +209,17 @@ openssldsa_sign(dst_context_t *dctx, isc "DSA_do_sign", DST_R_SIGNFAILURE)); #endif - *r.base++ = (key->key_size - 512)/64; + + klen = (key->key_size - 512)/64; + if (klen > 255) + return (ISC_R_FAILURE); + *r.base = klen; + isc_region_consume(&r, 1); + BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); DSA_SIG_free(dsasig); isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); @@ -446,15 +452,16 @@ openssldsa_todns(const dst_key_t *key, i if (r.length < (unsigned int) dnslen) return (ISC_R_NOSPACE); - *r.base++ = t; + *r.base = t; + isc_region_consume(&r, 1); BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); isc_buffer_add(data, dnslen); @@ -479,29 +486,30 @@ openssldsa_fromdns(dst_key_t *key, isc_b return (ISC_R_NOMEMORY); dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; - t = (unsigned int) *r.base++; + t = (unsigned int) *r.base; + isc_region_consume(&r, 1); if (t > 8) { DSA_free(dsa); return (DST_R_INVALIDPUBLICKEY); } p_bytes = 64 + 8 * t; - if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { + if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { DSA_free(dsa); return (DST_R_INVALIDPUBLICKEY); } dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); - r.base += ISC_SHA1_DIGESTLENGTH; + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); dsa->p = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); dsa->g = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); - r.base += p_bytes; + isc_region_consume(&r, p_bytes); key->key_size = p_bytes * 8; Modified: releng/9.3/contrib/bind9/lib/dns/opensslecdsa_link.c ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/opensslecdsa_link.c Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/opensslecdsa_link.c Wed Sep 2 20:07:03 2015 (r287410) @@ -14,8 +14,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - #include #ifdef HAVE_OPENSSL_ECDSA @@ -159,9 +157,9 @@ opensslecdsa_sign(dst_context_t *dctx, i "ECDSA_do_sign", DST_R_SIGNFAILURE)); BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2); - r.base += siglen / 2; + isc_region_consume(&r, siglen / 2); BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2); - r.base += siglen / 2; + isc_region_consume(&r, siglen / 2); ECDSA_SIG_free(ecdsasig); isc_buffer_add(sig, siglen); ret = ISC_R_SUCCESS; Modified: releng/9.3/contrib/bind9/lib/dns/opensslrsa_link.c ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/opensslrsa_link.c Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/opensslrsa_link.c Wed Sep 2 20:07:03 2015 (r287410) @@ -965,6 +965,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b RSA *rsa; isc_region_t r; unsigned int e_bytes; + unsigned int length; #if USE_EVP EVP_PKEY *pkey; #endif @@ -972,6 +973,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b isc_buffer_remainingregion(data, &r); if (r.length == 0) return (ISC_R_SUCCESS); + length = r.length; rsa = RSA_new(); if (rsa == NULL) @@ -982,17 +984,18 @@ opensslrsa_fromdns(dst_key_t *key, isc_b RSA_free(rsa); return (DST_R_INVALIDPUBLICKEY); } - e_bytes = *r.base++; - r.length--; + e_bytes = *r.base; + isc_region_consume(&r, 1); if (e_bytes == 0) { if (r.length < 2) { RSA_free(rsa); return (DST_R_INVALIDPUBLICKEY); } - e_bytes = ((*r.base++) << 8); - e_bytes += *r.base++; - r.length -= 2; + e_bytes = (*r.base) << 8; + isc_region_consume(&r, 1); + e_bytes += *r.base; + isc_region_consume(&r, 1); } if (r.length < e_bytes) { @@ -1000,14 +1003,13 @@ opensslrsa_fromdns(dst_key_t *key, isc_b return (DST_R_INVALIDPUBLICKEY); } rsa->e = BN_bin2bn(r.base, e_bytes, NULL); - r.base += e_bytes; - r.length -= e_bytes; + isc_region_consume(&r, e_bytes); rsa->n = BN_bin2bn(r.base, r.length, NULL); key->key_size = BN_num_bits(rsa->n); - isc_buffer_forward(data, r.length); + isc_buffer_forward(data, length); #if USE_EVP pkey = EVP_PKEY_new(); Modified: releng/9.3/contrib/bind9/lib/dns/resolver.c ============================================================================== --- releng/9.3/contrib/bind9/lib/dns/resolver.c Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/contrib/bind9/lib/dns/resolver.c Wed Sep 2 20:07:03 2015 (r287410) @@ -8937,6 +8937,12 @@ dns_resolver_algorithm_supported(dns_res REQUIRE(VALID_RESOLVER(resolver)); + /* + * DH is unsupported for DNSKEYs, see RFC 4034 sec. A.1. + */ + if ((alg == DST_ALG_DH) || (alg == DST_ALG_INDIRECT)) + return (ISC_FALSE); + #if USE_ALGLOCK RWLOCK(&resolver->alglock, isc_rwlocktype_read); #endif @@ -8956,6 +8962,7 @@ dns_resolver_algorithm_supported(dns_res #endif if (found) return (ISC_FALSE); + return (dst_algorithm_supported(alg)); } Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Wed Sep 2 20:06:46 2015 (r287409) +++ releng/9.3/sys/conf/newvers.sh Wed Sep 2 20:07:03 2015 (r287410) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RELEASE-p24" +BRANCH="RELEASE-p25" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi