mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-22 17:39:53 +03:00
Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
SoftEther VPN CtEnumCa () information disclosure vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
This commit is contained in:
parent
2dec52b875
commit
f4bbe476be
@ -712,7 +712,8 @@ UINT RsaPublicSize(K *k)
|
||||
// Hash a pointer to a 32-bit
|
||||
UINT HashPtrToUINT(void *p)
|
||||
{
|
||||
UCHAR hash_data[MD5_SIZE];
|
||||
UCHAR hash_data[SHA256_SIZE];
|
||||
UCHAR hash_src[CANARY_RAND_SIZE + sizeof(void *)];
|
||||
UINT ret;
|
||||
// Validate arguments
|
||||
if (p == NULL)
|
||||
@ -720,7 +721,11 @@ UINT HashPtrToUINT(void *p)
|
||||
return 0;
|
||||
}
|
||||
|
||||
Md5(hash_data, &p, sizeof(p));
|
||||
Zero(hash_src, sizeof(hash_src));
|
||||
Copy(hash_src + 0, GetCanaryRand(CANARY_RAND_ID_PTR_KEY_HASH), CANARY_RAND_SIZE);
|
||||
Copy(hash_src + CANARY_RAND_SIZE, p, sizeof(void *));
|
||||
|
||||
Sha2_256(hash_data, hash_src, sizeof(hash_src));
|
||||
|
||||
Copy(&ret, hash_data, sizeof(ret));
|
||||
|
||||
|
@ -123,11 +123,7 @@ typedef int (COMPARE)(void *p1, void *p2);
|
||||
#define GET_ABS(a) ((a) >= 0 ? (a) : -(a))
|
||||
|
||||
// Convert the pointer to UINT
|
||||
#ifdef CPU_64
|
||||
#define POINTER_TO_KEY(p) HashPtrToUINT(p)
|
||||
#else
|
||||
#define POINTER_TO_KEY(p) (UINT)(p)
|
||||
#endif
|
||||
#define POINTER_TO_KEY(p) (HashPtrToUINT(p))
|
||||
|
||||
// Compare the pointer and UINT
|
||||
#define COMPARE_POINTER_AND_KEY(p, i) (POINTER_TO_KEY(p) == (i))
|
||||
|
@ -378,6 +378,8 @@ bool AddStrToStrListDistinct(LIST *o, char *str);
|
||||
#define CANARY_RAND_ID_MEMTAG_MAGIC 0
|
||||
#define CANARY_RAND_SIZE 20
|
||||
|
||||
#define CANARY_RAND_ID_PTR_KEY_HASH 1
|
||||
|
||||
void InitCanaryRand();
|
||||
UCHAR *GetCanaryRand(UINT id);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user