Bug 1271165 - m2crypto: pbkdf2 function crashes when given 74 byte result as argument
m2crypto: pbkdf2 function crashes when given 74 byte result as argument
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150325,repor...
: Security
: 1270318 (view as bug list)
Depends On: 1276630
Blocks: 1271166
  Show dependency treegraph
 
Reported: 2015-10-13 06:03 EDT by Adam Mariš
Modified: 2016-04-26 09:44 EDT (History)
28 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-30 14:11:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2015-10-13 06:03:05 EDT
A bug was found in pbkdf2 function of m2crypto package, such that when given a 74 byte result, a buffer overflow occurs leading to crash of the application.

For reproducer and backtrace, see product bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1270318
Comment 1 Stefan Cornelius 2015-10-29 12:52:31 EDT
The root cause is a stack-based buffer overflow in the pkcs5_pbkdf2_hmac_sha1() function in SWIG/_evp.i 

It defines the following stack-based buffer:
 unsigned char key[EVP_MAX_KEY_LENGTH];   // usually 64byte

and later calls this function, which takes in "keylen" and fills "key". if "keylen" is larger than EVP_MAX_KEY_LENGTH, it overflows the stack-based buffer.

    PKCS5_PBKDF2_HMAC_SHA1(passbuf, passlen, saltbuf, saltlen, iter,
                           keylen, key);

A simple sanity check of keylen (both that it's not larger than EVP_MAX_KEY_LENGTH and not negative) before calling PKCS5_PBKDF2_HMAC_SHA1 should be enough to prevent this. This function should be protected by stack canaries, so code execution is mitigated, but there may be a minimal remaining risk that it's still possible.
Comment 2 Stefan Cornelius 2015-10-30 06:13:41 EDT
*** Bug 1270318 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Cornelius 2015-10-30 06:35:11 EDT
Created m2crypto tracking bugs for this issue:

Affects: fedora-all [bug 1276630]
Comment 4 Miloslav Trmač 2015-11-02 15:28:11 EST
https://gitlab.com/m2crypto/m2crypto/merge_requests/8
Comment 5 Fedora Update System 2015-11-19 04:59:47 EST
m2crypto-0.22.5-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2015-11-19 07:22:41 EST
m2crypto-0.22.5-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2015-11-20 18:24:17 EST
m2crypto-0.22.5-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Matěj Cepl 2015-11-30 14:11:29 EST
This has been fixed, right?

Note You need to log in before you can comment on or make changes to this bug.