From e143f23c237e523758173e65ff8fdd2966ed938b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 9 Jul 1998 13:37:17 +0000 Subject: fixed severe exploit --- cipher/ChangeLog | 9 +++++++++ cipher/dynload.c | 5 +++++ cipher/rmd160.c | 20 +++++++++++++++++++- 3 files changed, 33 insertions(+), 1 deletion(-) (limited to 'cipher') diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 2e47f9a0c..bee034920 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,12 @@ +Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de) + + * dynload.c (load_extension): Function now nbails out if + the program is run setuid. + +Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de) + + * rmd160.c (rmd160_hash_buffer): New. + Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c (cipher_open): algos >=100 use standard CFB diff --git a/cipher/dynload.c b/cipher/dynload.c index e22731702..a8c01f259 100644 --- a/cipher/dynload.c +++ b/cipher/dynload.c @@ -22,6 +22,7 @@ #include #include #include +#include #ifdef HAVE_DL_DLOPEN #include #endif @@ -109,7 +110,11 @@ load_extension( EXTLIST el ) int seq = 0; int class, vers; + /* make sure we are not setuid */ + if( getuid() != geteuid() ) + log_bug("trying to load an extension while still setuid\n"); + /* now that we are not setuid anymore, we can safely load modules */ el->handle = dlopen(el->name, RTLD_NOW); if( !el->handle ) { log_error("%s: error loading extension: %s\n", el->name, dlerror() ); diff --git a/cipher/rmd160.c b/cipher/rmd160.c index e38172498..3b1702cb0 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -26,7 +26,7 @@ #include "util.h" #include "memory.h" #include "rmd.h" - +#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */ /********************************* * RIPEMD-160 is not patented, see (as of 25.10.97) @@ -530,6 +530,24 @@ rmd160_read( RMD160_CONTEXT *hd ) return hd->buf; } + + +/**************** + * Shortcut functions which puts the hash value of the supplied buffer + * into outbuf which must have a size of 20 bytes. + */ +void +rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ) +{ + RMD160_CONTEXT hd; + + rmd160_init( &hd ); + rmd160_write( &hd, (byte*)buffer, length ); + rmd160_final( &hd ); + memcpy( outbuf, hd.buf, 20 ); +} + + /**************** * Return some information about the algorithm. We need algo here to * distinguish different flavors of the algorithm. -- cgit v1.2.3