Index: trunk/Makefile.in
===================================================================
--- trunk/Makefile.in	(revision 224)
+++ trunk/Makefile.in	(revision 225)
@@ -1674,5 +1674,5 @@
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
 sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h 
-sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h 
+sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h 
 sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h 
 sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h 
Index: trunk/configure.ac
===================================================================
--- trunk/configure.ac	(revision 224)
+++ trunk/configure.ac	(revision 225)
@@ -12,5 +12,5 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 2.5.3)
+AM_INIT_AUTOMAKE(samhain, 2.5.4)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST
Index: trunk/depend.dep
===================================================================
--- trunk/depend.dep	(revision 224)
+++ trunk/depend.dep	(revision 225)
@@ -22,5 +22,5 @@
 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h 
 sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h 
-sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h 
+sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h 
 sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h 
 sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h 
Index: trunk/depend.sum
===================================================================
--- trunk/depend.sum	(revision 224)
+++ trunk/depend.sum	(revision 225)
@@ -1,1 +1,1 @@
-3041707433
+2676345821
Index: trunk/docs/Changelog
===================================================================
--- trunk/docs/Changelog	(revision 224)
+++ trunk/docs/Changelog	(revision 225)
@@ -1,3 +1,5 @@
 2.5.4:
+	* fix for incorrect input check in SRP implementation (discovered
+	  by Thomas Ptacek)
 	* option KernelCheckPCI to switch off check of PCI expansion ROMs
 	
Index: trunk/src/sh_forward.c
===================================================================
--- trunk/src/sh_forward.c	(revision 224)
+++ trunk/src/sh_forward.c	(revision 225)
@@ -1200,5 +1200,5 @@
 		      /* --- Now send H(A,B,H(Sc)) and check. --- 
 		       */
-		      if (foo_Sc != NULL)
+		      if (foo_Sc != NULL && 0 == sh_srp_check_zero (foo_Sc))
 			{
 			  sh_srp_M(foo_A, 
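Review bot: The added `0 == sh_srp_check_zero (foo_Sc)` condition carries no comment explaining why a zero value is refused, and the helper's convention (non-zero return means "is zero modulo the SRP modulus", per the Test_srp cases added in sh_srp.c) is easy to read the wrong way round. I would put a line above the `if` such as `/* Refuse a session secret that is 0 mod N: it is predictable, so H(A,B,H(Sc)) would prove nothing. */`. The same comment fits the `0 != sh_srp_check_zero (foo_Ss)` test in the second hunk of this file. The else branch lies outside this hunk, so it cannot be seen here whether a refused secret is reported differently from a NULL one.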
@@ -4157,5 +4157,6 @@
 				       conn->A, 
 				       conn->client_entry->verifier);
-		  if (foo_Ss == NULL)
+
+		  if (foo_Ss == NULL || 0 != sh_srp_check_zero (foo_Ss))
 		    {
 		      status_update (conn->client_entry, CLT_FAILED);
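Review bot: The zero test is applied only to the derived secret `foo_Ss`, after `sh_srp_S_s` has already run with `conn->A`; the usual SRP rule is to refuse a client value that is 0 mod N as soon as it arrives. If `conn->A` is not validated earlier in this function (not visible in the hunk, and assuming it is the same string form the helper accepts), I would add `if (0 != sh_srp_check_zero (conn->A))` with the same failure handling before the call. A NULL result and a zero secret also share one branch now, so a separate log message for the zero case would let an operator distinguish a malformed handshake from a memory failure. The enclosing function starts and ends outside the hunk.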
Index: trunk/src/sh_srp.c
===================================================================
--- trunk/src/sh_srp.c	(revision 224)
+++ trunk/src/sh_srp.c	(revision 225)
@@ -388,4 +388,5 @@
   if (res != BIG_OK)             val = (-1);
   else if (0 != big_zerop(&AB) ) val = (-1); /* 0 != (sign == 0) */
+  else if (0 != big_zerop(&r) )  val = (-1); /* 0 != (sign == 0) */
   else                           val =    0;
 
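Review bot: The new `big_zerop(&r)` branch reuses the comment of the line above, `/* 0 != (sign == 0) */`, which says nothing about what `r` holds or why a zero there must be refused. If `r` is the input reduced modulo the SRP modulus, as the new Test_srp cases for the modulus and its multiples suggest, a comment like `/* r == 0: input is a multiple of the modulus */` would record the actual reason for the fix. The function body starts before this hunk, so how `r` is computed cannot be confirmed here.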
@@ -711,4 +712,95 @@
 
 
-
-
+#ifdef SH_CUTEST
+#include "CuTest.h"
+
+void Test_srp (CuTest *tc)
+{
+#if defined(USE_SRP_PROTOCOL) && (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER))
+
+  int result;
+  char     modulus[80*4];
+  bignum   a, b, c;
+  bigerr_t res;
+  char    *str = NULL;
+
+  res = sh_srp_init();
+  CuAssertTrue(tc, res == 0);
+
+  (void) sl_strlcpy(modulus, SRP_MODULUS_1024_1, sizeof(modulus));
+  (void) sl_strlcat(modulus, SRP_MODULUS_1024_2, sizeof(modulus));
+  (void) sl_strlcat(modulus, SRP_MODULUS_1024_3, sizeof(modulus));
+  (void) sl_strlcat(modulus, SRP_MODULUS_1024_4, sizeof(modulus));
+
+  res = big_create(&a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  /* Check plain zero 
+   */
+  result = sh_srp_check_zero ("0");
+  CuAssertTrue(tc, result != 0);
+  
+  res = big_set_string ("0",  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  result = sh_srp_check_zero (big_string(&a, 16));
+  CuAssertTrue(tc, result != 0);
+
+  /* Check modulus (equals 0 % M) 
+   */
+  result = sh_srp_check_zero (modulus);
+  CuAssertTrue(tc, result != 0);
+
+  res = big_set_string (modulus,  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  result = sh_srp_check_zero (big_string(&a, 16));
+  CuAssertTrue(tc, result != 0);
+
+  /* Check non-zero 
+   */
+  modulus[0] = 'a';
+
+  result = sh_srp_check_zero (modulus);
+  CuAssertTrue(tc, result == 0);
+
+  res = big_set_string (modulus,  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  result = sh_srp_check_zero (big_string(&a, 16));
+  CuAssertTrue(tc, result == 0);
+
+  modulus[0] = 'f';
+
+  /* Check multiple of modulus 
+   */
+  res = big_set_string (modulus,  16, &a);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_create(&b);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_create(&c);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_set_string ("deadbeef", 16, &b);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  res = big_mul (&a, &b, &c);
+  CuAssertTrue(tc, res == BIG_OK);
+
+  str = strdup(big_string (&c, 16));
+  CuAssertPtrNotNull(tc, str);
+
+  result = sh_srp_check_zero (str);
+  CuAssertTrue(tc, result != 0);
+
+#else
+  (void) tc; /* fix compiler warning */
+#endif
+  return;
+}
+#endif
+
+
+
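Review bot: The test restores the buffer with a hard-coded `modulus[0] = 'f';` after overwriting the first digit with `'a'`, so the "multiple of modulus" case only tests the real modulus while SRP_MODULUS_1024_1 begins with `f`. Saving the digit, `char first = modulus[0];` before the overwrite and `modulus[0] = first;` afterwards, keeps the later assertions tied to the actual constant. Separately, `str` from `strdup` is never passed to `free` and the bignums `a`, `b` and `c` are never released, which will be reported by leak checkers run on the test binary. The cases cover zero, the modulus and a multiple of it, but not an empty or non-hexadecimal string; if sh_srp_check_zero can be handed such input from a peer, a case pinning the expected result would be worth adding.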
Index: trunk/test/testhash.sh
===================================================================
--- trunk/test/testhash.sh	(revision 224)
+++ trunk/test/testhash.sh	(revision 225)
@@ -37,5 +37,5 @@
 	fi
 	#
-	${TOP_SRCDIR}/configure --quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug 
+	${TOP_SRCDIR}/configure --quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug
 	#
 	fail=0
