summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch51
-rw-r--r--meta-networking/recipes-connectivity/samba/samba_4.14.14.bb1
2 files changed, 52 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch
new file mode 100644
index 0000000000..d6b9826e4b
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch
@@ -0,0 +1,51 @@
1From: Helmut Grohne <helmut@...divi.de>
2Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions
3
4The referenced commit attempted to fix miscompilations with gcc-9 and
5gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
6it also inverted the result of the comparison in two occasions. This
7inversion happened during backporting the patch to 7.7.1 and 7.8.0.
8
9Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
10 for arcfour unwrap")
11Signed-off-by: Helmut Grohne <helmut@...divi.de>
12
13Upstream-Status: Backport [https://www.openwall.com/lists/oss-security/2023/02/08/1]
14CVE: CVE-2022-45142
15
16Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
17---
18 lib/gssapi/krb5/arcfour.c | 4 ++--
19 1 file changed, 2 insertions(+), 2 deletions(-)
20
21Changes since v1:
22 * Fix typo in commit message.
23 * Mention 7.8.0 in commit message. Thanks to Jeffrey Altman.
24
25Changes since v2:
26 * Add CVE identifier.
27
28diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
29index e838d007a..eee6ad72f 100644
30--- a/lib/gssapi/krb5/arcfour.c
31+++ b/lib/gssapi/krb5/arcfour.c
32@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
33 return GSS_S_FAILURE;
34 }
35
36- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
37+ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
38 if (cmp) {
39 *minor_status = 0;
40 return GSS_S_BAD_MIC;
41@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
42 return GSS_S_FAILURE;
43 }
44
45- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
46+ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
47 if (cmp) {
48 _gsskrb5_release_buffer(minor_status, output_message_buffer);
49 *minor_status = 0;
50--
512.38.1
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
index 39ba851942..cc07d51dc5 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
@@ -30,6 +30,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
30 file://CVE-2022-3437-0006.patch;patchdir=source4/heimdal \ 30 file://CVE-2022-3437-0006.patch;patchdir=source4/heimdal \
31 file://CVE-2022-3437-0007.patch;patchdir=source4/heimdal \ 31 file://CVE-2022-3437-0007.patch;patchdir=source4/heimdal \
32 file://CVE-2022-3437-0008.patch;patchdir=source4/heimdal \ 32 file://CVE-2022-3437-0008.patch;patchdir=source4/heimdal \
33 file://CVE-2022-45142.patch;patchdir=source4/heimdal \
33 " 34 "
34 35
35SRC_URI:append:libc-musl = " \ 36SRC_URI:append:libc-musl = " \