[Pkg-swan-devel] [Git][debian/strongswan][debian/buster-security] 4 commits: gbp.conf: revert upstream branch name change for now

Yves-Alexis Perez (@corsac) gitlab at salsa.debian.org
Wed Jan 26 14:07:02 GMT 2022



Yves-Alexis Perez pushed to branch debian/buster-security at Debian / strongswan


Commits:
12e18a44 by Yves-Alexis Perez at 2021-10-22T13:06:14+02:00
gbp.conf: revert upstream branch name change for now

5.7 is still in upstream/latest

- - - - -
aeb83f75 by Yves-Alexis Perez at 2022-01-10T17:53:12+01:00
eap-authenticator: Enforce failure if MSK generation fails

Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079)

- - - - -
aa67a931 by Yves-Alexis Perez at 2022-01-10T17:54:12+01:00
finalize changelog

- - - - -
9fa3d19d by Yves-Alexis Perez at 2022-01-22T00:07:58+01:00
upload strongSwan 5.7.2-1+deb10u2 to buster-security

- - - - -


4 changed files:

- debian/changelog
- debian/gbp.conf
- + debian/patches/0007-eap-authenticator-Enforce-failure-if-MSK-generation-.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+strongswan (5.7.2-1+deb10u2) buster-security; urgency=medium
+
+  * gbp.conf: revert upstream branch name change for now
+  * eap-authenticator: Enforce failure if MSK generation fails
+    -  Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079)
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Fri, 21 Jan 2022 15:45:18 +0100
+
 strongswan (5.7.2-1+deb10u1) buster-security; urgency=medium
 
   * Reject RSASSA-PSS params with negative salt length


=====================================
debian/gbp.conf
=====================================
@@ -1,4 +1,4 @@
 [DEFAULT]
 pristine-tar = True
 debian-branch = debian/buster-security
-upstream-branch = upstream/5.7
+upstream-branch = upstream/latest


=====================================
debian/patches/0007-eap-authenticator-Enforce-failure-if-MSK-generation-.patch
=====================================
@@ -0,0 +1,147 @@
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Tue, 14 Dec 2021 10:51:35 +0100
+Subject: eap-authenticator: Enforce failure if MSK generation fails
+
+Without this, the authentication succeeded if the server sent an early
+EAP-Success message for mutual, key-generating EAP methods like EAP-TLS,
+which may be used in EAP-only scenarios but would complete without server
+or client authentication.  For clients configured for such EAP-only
+scenarios, a rogue server could capture traffic after the tunnel is
+established or even access hosts behind the client.  For non-mutual EAP
+methods, public key server authentication has been enforced for a while.
+
+A server previously could also crash a client by sending an EAP-Success
+immediately without initiating an actual EAP method.
+
+Fixes: 0706c39cda52 ("added support for EAP methods not establishing an MSK")
+Fixes: CVE-2021-45079
+---
+ src/libcharon/plugins/eap_gtc/eap_gtc.c            |  2 +-
+ src/libcharon/plugins/eap_md5/eap_md5.c            |  2 +-
+ src/libcharon/plugins/eap_radius/eap_radius.c      |  4 ++-
+ src/libcharon/sa/eap/eap_method.h                  |  8 +++++-
+ .../sa/ikev2/authenticators/eap_authenticator.c    | 32 +++++++++++++++++++---
+ 5 files changed, 40 insertions(+), 8 deletions(-)
+
+diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
+index 3434ef1..a5ffc37 100644
+--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
++++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
+@@ -195,7 +195,7 @@ METHOD(eap_method_t, get_type, eap_type_t,
+ METHOD(eap_method_t, get_msk, status_t,
+ 	private_eap_gtc_t *this, chunk_t *msk)
+ {
+-	return FAILED;
++	return NOT_SUPPORTED;
+ }
+ 
+ METHOD(eap_method_t, get_identifier, uint8_t,
+diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
+index ab5f7ff..3a92ad7 100644
+--- a/src/libcharon/plugins/eap_md5/eap_md5.c
++++ b/src/libcharon/plugins/eap_md5/eap_md5.c
+@@ -213,7 +213,7 @@ METHOD(eap_method_t, get_type, eap_type_t,
+ METHOD(eap_method_t, get_msk, status_t,
+ 	private_eap_md5_t *this, chunk_t *msk)
+ {
+-	return FAILED;
++	return NOT_SUPPORTED;
+ }
+ 
+ METHOD(eap_method_t, is_mutual, bool,
+diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
+index ae1371b..0335cef 100644
+--- a/src/libcharon/plugins/eap_radius/eap_radius.c
++++ b/src/libcharon/plugins/eap_radius/eap_radius.c
+@@ -733,7 +733,9 @@ METHOD(eap_method_t, get_msk, status_t,
+ 		*out = msk;
+ 		return SUCCESS;
+ 	}
+-	return FAILED;
++	/* we assume the selected method did not establish an MSK, if it failed
++	 * to establish one, process() would have failed */
++	return NOT_SUPPORTED;
+ }
+ 
+ METHOD(eap_method_t, get_identifier, uint8_t,
+diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h
+index 34041e3..7a2c537 100644
+--- a/src/libcharon/sa/eap/eap_method.h
++++ b/src/libcharon/sa/eap/eap_method.h
+@@ -114,10 +114,16 @@ struct eap_method_t {
+ 	 * Not all EAP methods establish a shared secret. For implementations of
+ 	 * the EAP-Identity method, get_msk() returns the received identity.
+ 	 *
++	 * @note Returning NOT_SUPPORTED is important for implementations of EAP
++	 * methods that don't establish an MSK.  In particular as client because
++	 * key-generating EAP methods MUST fail to process EAP-Success messages if
++	 * no MSK is established.
++	 *
+ 	 * @param msk			chunk receiving internal stored MSK
+ 	 * @return
+-	 *						- SUCCESS, or
++	 *						- SUCCESS, if MSK is established
+ 	 * 						- FAILED, if MSK not established (yet)
++	 *						- NOT_SUPPORTED, for non-MSK-establishing methods
+ 	 */
+ 	status_t (*get_msk) (eap_method_t *this, chunk_t *msk);
+ 
+diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+index e1e6cd7..87548fc 100644
+--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
++++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+@@ -305,9 +305,17 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
+ 				this->method->destroy(this->method);
+ 				return server_initiate_eap(this, FALSE);
+ 			}
+-			if (this->method->get_msk(this->method, &this->msk) == SUCCESS)
++			switch (this->method->get_msk(this->method, &this->msk))
+ 			{
+-				this->msk = chunk_clone(this->msk);
++				case SUCCESS:
++					this->msk = chunk_clone(this->msk);
++					break;
++				case NOT_SUPPORTED:
++					break;
++				case FAILED:
++				default:
++					DBG1(DBG_IKE, "failed to establish MSK");
++					goto failure;
+ 			}
+ 			if (vendor)
+ 			{
+@@ -326,6 +334,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
+ 			return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
+ 		case FAILED:
+ 		default:
++failure:
+ 			/* type might have changed for virtual methods */
+ 			type = this->method->get_type(this->method, &vendor);
+ 			if (vendor)
+@@ -661,9 +670,24 @@ METHOD(authenticator_t, process_client, status_t,
+ 				uint32_t vendor;
+ 				auth_cfg_t *cfg;
+ 
+-				if (this->method->get_msk(this->method, &this->msk) == SUCCESS)
++				if (!this->method)
+ 				{
+-					this->msk = chunk_clone(this->msk);
++					DBG1(DBG_IKE, "received unexpected %N",
++						 eap_code_names, eap_payload->get_code(eap_payload));
++					return FAILED;
++				}
++				switch (this->method->get_msk(this->method, &this->msk))
++				{
++					case SUCCESS:
++						this->msk = chunk_clone(this->msk);
++						break;
++					case NOT_SUPPORTED:
++						break;
++					case FAILED:
++					default:
++						DBG1(DBG_IKE, "received %N but failed to establish MSK",
++							 eap_code_names, eap_payload->get_code(eap_payload));
++						return FAILED;
+ 				}
+ 				type = this->method->get_type(this->method, &vendor);
+ 				if (vendor)


=====================================
debian/patches/series
=====================================
@@ -4,3 +4,4 @@
 04_disable-libtls-tests.patch
 0006-cert-cache-Prevent-crash-due-to-integer-overflow-sig.patch
 0007-Reject-RSASSA-PSS-params-with-negative-salt-length.patch
+0007-eap-authenticator-Enforce-failure-if-MSK-generation-.patch
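Review bot: The added entry reuses the `0007-` prefix already taken by `0007-Reject-RSASSA-PSS-params-with-negative-salt-length.patch` on the preceding line, so two patches now share a sequence number; suggest naming the new file `0008-eap-authenticator-Enforce-failure-if-MSK-generation-.patch` (renaming the file under debian/patches accordingly) so the numbering stays monotonic. Application order is still given by line order in series, so this is a naming point only.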


