Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 277876 - <dev-libs/xmlsec-1.2.12 XML signature HMAC truncation authentication bypass (CVE-2009-0217)
Summary: <dev-libs/xmlsec-1.2.12 XML signature HMAC truncation authentication bypass (...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa]
Keywords:
Depends on: CVE-2009-0217
Blocks:
  Show dependency tree
 
Reported: 2009-07-15 00:55 UTC by Robert Buchholz (RETIRED)
Modified: 2009-07-29 18:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-07-15 00:55:38 UTC
+++ This bug was initially created as a clone of Bug #277872 +++
Please see the blocker for vulnerability details.

These are the patches that went into 1.2.12:
http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7
http://git.gnome.org/cgit/xmlsec/commit/?id=d4ac1a621f88a923b17394530e333a3086ebe206

The default of 40 is not a sufficiently high minimum. We need to coordinate with upstream to get this defaulting to 80 or half of the hmac digest length.
Comment 1 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-07-15 23:28:40 UTC
(In reply to comment #0)
> The default of 40 is not a sufficiently high minimum. We need to coordinate
> with upstream to get this defaulting to 80 or half of the hmac digest length.

So what value should I commit?
Comment 2 Tiziano Müller (RETIRED) gentoo-dev 2009-07-27 13:44:29 UTC
well, as soon you know which value to put there: I have an updated ebuild in my overlay which fixes the magic deps and allows sane selection of the backend crypto algorithm engine (http://git.overlays.gentoo.org/gitweb/?p=dev/dev-zero.git;a=commit;h=e0ef22253bce302604694d5f6c5ab76c3987ac9b)
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-07-27 19:51:19 UTC
upstream hard coded 80 now. This is the minimum value for <=160 bit HMACS. Since an attacker can opt to send signed messages with SHA1 anyway (and search only a 2^80 space), the impact of that value on SHA2-512 and other longer HMACs is limited.
Fix is in (unreleased) 1.2.13, and here:
http://git.gnome.org/cgit/xmlsec/commit/?id=c07c1961dc8a08d81dad6c1fd984acd09ae99028

Please apply, or bug upstream to release.
Comment 4 Tiziano Müller (RETIRED) gentoo-dev 2009-07-27 20:23:41 UTC
Ok, diff from git applies cleanly and tests seem to run.
Updated ebuild with patch is in my overlay: http://git.overlays.gentoo.org/gitweb/?p=dev/dev-zero.git;a=commit;h=cf3694febe57e8612e1e362e2f68ae90f1d86c80

@crypto: I can also move my ebuild to the tree with your blessing.
Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-07-29 16:11:37 UTC
(In reply to comment #4)
> Ok, diff from git applies cleanly and tests seem to run.

Apparently you haven't noticed that this patch causes segmentation fault on 64-bit architectures, which is hopefully early caught by Portage, and causes build failure on these architectures :) .

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.               
 * hmac.c:388: warning: implicit declaration of function ‘xmlSecBase64Encode’

 * 
 * QA Notice: Package has poor programming practices which may compile
 *            but will almost certainly crash on 64bit architectures. 
 *                                                                    
 * Function `xmlSecBase64Encode' implicitly converted to pointer at hmac.c:388
 *                                                                            
 *  Please file a bug about this at http://bugs.gentoo.org/                   
 *  with the maintaining herd of the package.                                 
 *                                                                            
 *                                                                            
 * ERROR: dev-libs/xmlsec-1.2.12 failed.                                      
 * Call stack:                                                                
 *       misc-functions.sh, line 730:  Called install_qa_check                
 *       misc-functions.sh, line 422:  Called die                             
 * The specific snippet of code:                                              
 *                              die "install aborted due to" \                
 *  The die message:                                                          
 *   install aborted due to poor programming practices shown above
Comment 6 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-07-29 16:24:43 UTC
(In reply to comment #5)

I forgot to say that it is default behavior even without FEATURES="stricter".
Comment 7 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-07-29 16:38:39 UTC
dev-libs/xmlsec-1.2.12 is now in the tree.
Comment 8 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-07-29 16:49:31 UTC
(In reply to comment #2)
> I have an updated ebuild in my overlay which fixes the magic deps and allows
> sane selection of the backend crypto algorithm engine

Please file separate bugs for suggested improvements for the ebuild.
Comment 9 Tiziano Müller (RETIRED) gentoo-dev 2009-07-29 18:18:36 UTC
(In reply to comment #8)
> (In reply to comment #2)
> > I have an updated ebuild in my overlay which fixes the magic deps and allows
> > sane selection of the backend crypto algorithm engine
> 
> Please file separate bugs for suggested improvements for the ebuild.
> 

What? Would it have been too hard to just take a look at it and commit a proper ebuild instead of a dumb version bump which just happens to fix a security bug but with magic deps, etc.?