]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a2b92d) | patch
heimdal: Fix CVE-2022-4152, signature validation error
authorCy Schubert <cy@FreeBSD.org>
Fri, 10 Mar 2023 01:03:52 +0000 (17:03 -0800)
committerCy Schubert <cy@FreeBSD.org>
Fri, 10 Mar 2023 01:18:49 +0000 (17:18 -0800)
commit5abaf0866445a61c11665fffc148ecd13a7bb9ac
tree861ef84386a4526f0fbecea3ef29dfed2edb8ac3tree | snapshot
parent4a2b92d99fee987e87a5c3789e0892ab6e680018commit | diff
heimdal: Fix CVE-2022-4152, signature validation error

When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.

Reported by: Timothy E Zingelman <zingelman _AT_ fnal.gov>
MFC after: 1 day
Security: CVE-2022-4152
Security: https://www.cve.org/CVERecord?id=CVE-2022-45142
Security: https://nvd.nist.gov/vuln/detail/CVE-2022-45142
Security: https://security-tracker.debian.org/tracker/CVE-2022-45142
Security: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142
Security: https://bugzilla.samba.org/show_bug.cgi?id=15296
Security: https://www.openwall.com/lists/oss-security/2023/02/08/1
crypto/heimdal/lib/gssapi/krb5/arcfour.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.