[12093] in Kerberos-V5-bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[krbdev.mit.edu #6959] cms_signeddata_verify has unsafe error

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Sat Sep 10 09:10:23 2011

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Sam Hartman via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6959@krbdev.mit.edu>
Message-ID: <rt-6959-34280.8.90832616541935@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6959'":;"'AdminCc of krbdev.mit.edu Ticket #6959'":;@MIT.EDU
Date: Sat, 10 Sep 2011 09:10:04 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


I felt the need to add the following comment to cms_signeddata_verify

    /*                                                                          
     * Warning: Since most openssl functions do not set retval, large chunks of
     * this function assume that retval is always a failure and may go to       
     * cleanup without setting retval explicitly. Make sure retval is not set   
     * to 0 or errors such as signature verification failure may be converted   
     * to success with significant security consequences.                       

If anyone accidentally inserted a k5alloc or anything else that set retval, it would be really bad.
I'd recommend refactoring that function.
Since I'm not doing that now I'm opening a bug to track.

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[12093] in Kerberos-V5-bugs

[krbdev.mit.edu #6959] cms_signeddata_verify has unsafe error

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)Sat Sep 10 09:10:23 2011

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Sat Sep 10 09:10:23 2011