Security fixes for sid. CVE-2017-7478 & CVE-2017-7479debian/2.4.0-5

author: Alberto Gonzalez Iniesta <agi@inittab.org> 2017-05-11 14:20:52 +0200
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2017-05-11 14:20:52 +0200
commit: de39933a5c67a449c4c31e4e8f0c1d2c218c8c6c (patch)
tree: ab0cde60215daea4e84cce2c003caaf84586806c /debian/patches/wipe_tokens_on_de-auth.patch
parent: 39c2d4f2279614bae0c1debb25b12585e5e7c372 (diff)
1 files changed, 118 insertions, 0 deletions
diff --git a/debian/patches/wipe_tokens_on_de-auth.patch b/debian/patches/wipe_tokens_on_de-auth.patch
new file mode 100644
index 0000000..8db560f
--- /dev/null
+++ b/debian/patches/wipe_tokens_on_de-auth.patch
@@ -0,0 +1,118 @@
+From daab0a9fa8ff4f40e8a34707db0ac156d49fbfcb Mon Sep 17 00:00:00 2001
+From: David Sommerseth <davids@openvpn.net>
+Date: Tue, 28 Mar 2017 22:53:46 +0200
+Subject: [PATCH] auth-token: Ensure tokens are always wiped on de-auth
+
+If tls_deauthenticate() was called, it could in some scenarios leave the
+authentication token for a session in memory.  This change just ensures
+auth-tokens are always wiped as soon as a TLS session is considered
+broken.
+
+Signed-off-by: David Sommerseth <davids@openvpn.net>
+
+Acked-by: Steffan Karger <steffan@karger.me>
+Message-Id: <20170328205346.18844-1-davids@openvpn.net>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14344.html
+Signed-off-by: David Sommerseth <davids@openvpn.net>
+---
+ src/openvpn/ssl_verify.c | 47 +++++++++++++++++++++++++++--------------------
+ 1 file changed, 27 insertions(+), 20 deletions(-)
+
+Index: openvpn-2.4.0/src/openvpn/ssl_verify.c
+===================================================================
+--- openvpn-2.4.0.orig/src/openvpn/ssl_verify.c
++++ openvpn-2.4.0/src/openvpn/ssl_verify.c
+@@ -80,6 +80,28 @@ setenv_untrusted(struct tls_session *ses
+     setenv_link_socket_actual(session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT);
+ }
+ 
++
++/**
++ *  Wipes the authentication token out of the memory, frees and cleans up related buffers and flags
++ *
++ *  @param multi  Pointer to a multi object holding the auth_token variables
++ */
++static void
++wipe_auth_token(struct tls_multi *multi)
++{
++    if(multi)
++    {
++        if (multi->auth_token)
++        {
++            secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE);
++            free(multi->auth_token);
++        }
++        multi->auth_token = NULL;
++        multi->auth_token_sent = false;
++    }
++}
++
++
+ /*
+  * Remove authenticated state from all sessions in the given tunnel
+  */
+@@ -88,10 +110,14 @@ tls_deauthenticate(struct tls_multi *mul
+ {
+     if (multi)
+     {
+-        int i, j;
+-        for (i = 0; i < TM_SIZE; ++i)
+-            for (j = 0; j < KS_SIZE; ++j)
++        wipe_auth_token(multi);
++        for (int i = 0; i < TM_SIZE; ++i)
++        {
++            for (int j = 0; j < KS_SIZE; ++j)
++            {
+                 multi->session[i].key[j].authenticated = false;
++            }
++        }
+     }
+ }
+ 
+@@ -1213,21 +1239,6 @@ verify_user_pass_management(struct tls_s
+ }
+ #endif /* ifdef MANAGEMENT_DEF_AUTH */
+ 
+-/**
+- *  Wipes the authentication token out of the memory, frees and cleans up related buffers and flags
+- *
+- *  @param multi  Pointer to a multi object holding the auth_token variables
+- */
+-static void
+-wipe_auth_token(struct tls_multi *multi)
+-{
+-    secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE);
+-    free(multi->auth_token);
+-    multi->auth_token = NULL;
+-    multi->auth_token_sent = false;
+-}
+-
+-
+ /*
+  * Main username/password verification entry point
+  */
+@@ -1279,7 +1290,7 @@ verify_user_pass(struct user_pass *up, s
+         /* Ensure that the username has not changed */
+         if (!tls_lock_username(multi, up->username))
+         {
+-            wipe_auth_token(multi);
++            /* auth-token cleared in tls_lock_username() on failure */
+             ks->authenticated = false;
+             goto done;
+         }
+@@ -1300,7 +1311,6 @@ verify_user_pass(struct user_pass *up, s
+         if (memcmp_constant_time(multi->auth_token, up->password,
+                                  strlen(multi->auth_token)) != 0)
+         {
+-            wipe_auth_token(multi);
+             ks->authenticated = false;
+             tls_deauthenticate(multi);
+ 
+@@ -1472,6 +1482,7 @@ verify_final_auth_checks(struct tls_mult
+         if (!cn || !strcmp(cn, CCD_DEFAULT) || !test_file(path))
+         {
+             ks->authenticated = false;
++            wipe_auth_token(multi);
+             msg(D_TLS_ERRORS, "TLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'",
+                 session->common_name,
+                 path ? path : "UNDEF");
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2017-05-11 14:20:52 +0200
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2017-05-11 14:20:52 +0200
commit	de39933a5c67a449c4c31e4e8f0c1d2c218c8c6c (patch)
tree	ab0cde60215daea4e84cce2c003caaf84586806c /debian/patches/wipe_tokens_on_de-auth.patch
parent	39c2d4f2279614bae0c1debb25b12585e5e7c372 (diff)