1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-06 01:30:40 +03:00

Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753

SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
This commit is contained in:
Daiyuu Nobori 2023-09-28 19:08:40 +09:00 committed by Davide Beatrici
parent 2dec52b875
commit f4bbe476be
3 changed files with 10 additions and 7 deletions

View File

@ -712,7 +712,8 @@ UINT RsaPublicSize(K *k)
// Hash a pointer to a 32-bit // Hash a pointer to a 32-bit
UINT HashPtrToUINT(void *p) UINT HashPtrToUINT(void *p)
{ {
UCHAR hash_data[MD5_SIZE]; UCHAR hash_data[SHA256_SIZE];
UCHAR hash_src[CANARY_RAND_SIZE + sizeof(void *)];
UINT ret; UINT ret;
// Validate arguments // Validate arguments
if (p == NULL) if (p == NULL)
@ -720,7 +721,11 @@ UINT HashPtrToUINT(void *p)
return 0; return 0;
} }
Md5(hash_data, &p, sizeof(p)); Zero(hash_src, sizeof(hash_src));
Copy(hash_src + 0, GetCanaryRand(CANARY_RAND_ID_PTR_KEY_HASH), CANARY_RAND_SIZE);
Copy(hash_src + CANARY_RAND_SIZE, p, sizeof(void *));
Sha2_256(hash_data, hash_src, sizeof(hash_src));
Copy(&ret, hash_data, sizeof(ret)); Copy(&ret, hash_data, sizeof(ret));

View File

@ -123,11 +123,7 @@ typedef int (COMPARE)(void *p1, void *p2);
#define GET_ABS(a) ((a) >= 0 ? (a) : -(a)) #define GET_ABS(a) ((a) >= 0 ? (a) : -(a))
// Convert the pointer to UINT // Convert the pointer to UINT
#ifdef CPU_64 #define POINTER_TO_KEY(p) (HashPtrToUINT(p))
#define POINTER_TO_KEY(p) HashPtrToUINT(p)
#else
#define POINTER_TO_KEY(p) (UINT)(p)
#endif
// Compare the pointer and UINT // Compare the pointer and UINT
#define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i)) #define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i))

View File

@ -378,6 +378,8 @@ bool AddStrToStrListDistinct(LIST *o, char *str);
#define CANARY_RAND_ID_MEMTAG_MAGIC 0 #define CANARY_RAND_ID_MEMTAG_MAGIC 0
#define CANARY_RAND_SIZE 20 #define CANARY_RAND_SIZE 20
#define CANARY_RAND_ID_PTR_KEY_HASH 1
void InitCanaryRand(); void InitCanaryRand();
UCHAR *GetCanaryRand(UINT id); UCHAR *GetCanaryRand(UINT id);