File zeromq-CVE-2014-7203.patch of Package zeromq.2353

diff -urN zeromq-4.0.4.old/src/curve_client.cpp zeromq-4.0.4/src/curve_client.cpp
--- zeromq-4.0.4.old/src/curve_client.cpp	2014-09-29 10:18:04.360648652 +0200
+++ zeromq-4.0.4/src/curve_client.cpp	2014-09-29 10:22:56.207648617 +0200
@@ -35,7 +35,9 @@
 
 zmq::curve_client_t::curve_client_t (const options_t &options_) :
     mechanism_t (options_),
-    state (send_hello)
+    state (send_hello),
+    cn_nonce(1),
+    cn_peer_nonce(1)
 {
     memcpy (public_key, options_.curve_public_key, crypto_box_PUBLICKEYBYTES);
     memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES);
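Review bot: The added initializers `cn_nonce(1)` and `cn_peer_nonce(1)` drop the space before the parenthesis that the neighbouring `mechanism_t (options_)` and `state (send_hello)` use; write them as `cn_nonce (1),` and `cn_peer_nonce (1)`. The same applies to `cn_peer_nonce(1)` in the curve_server.cpp constructor and to the `get_uint64(` calls in the later hunks. The constructor body continues outside the hunk.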
@@ -111,7 +113,7 @@
 
     uint8_t message_nonce [crypto_box_NONCEBYTES];
     memcpy (message_nonce, "CurveZMQMESSAGEC", 16);
-    memcpy (message_nonce + 16, &cn_nonce, 8);
+    put_uint64 (message_nonce + 16, cn_nonce);
 
     const size_t mlen = crypto_box_ZEROBYTES + 1 + msg_->size ();
 
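Review bot: Nothing at this `put_uint64` call records that the short nonce moves from host byte order (the removed `memcpy (…, &cn_nonce, 8)`) to a fixed encoding, and that matters now that the receiving side compares nonces numerically. Assuming `put_uint64`/`get_uint64` are the big-endian helpers from wire.hpp, a patched receiver reading nonces from an unpatched little-endian sender would see counter 256 decode lower than 255 and reject it with EPROTO. A comment such as `//  Short nonce is a big-endian counter; the peer requires it to increase strictly` would make the wire format explicit, and interop with unpatched peers deserves a release note. The same applies to the other `put_uint64` hunks in curve_client.cpp and curve_server.cpp; the enclosing function starts and ends outside the hunk.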
@@ -139,7 +141,7 @@
     uint8_t *message = static_cast <uint8_t *> (msg_->data ());
 
     memcpy (message, "\x07MESSAGE", 8);
-    memcpy (message + 8, &cn_nonce, 8);
+    memcpy (message + 8, message_nonce + 16, 8);
     memcpy (message + 16, message_box + crypto_box_BOXZEROBYTES,
             mlen - crypto_box_BOXZEROBYTES);
 
@@ -169,6 +171,13 @@
     uint8_t message_nonce [crypto_box_NONCEBYTES];
     memcpy (message_nonce, "CurveZMQMESSAGES", 16);
     memcpy (message_nonce + 16, message + 8, 8);
+    uint64_t nonce = get_uint64(message + 8);
+    if (nonce <= cn_peer_nonce) {
+        errno = EPROTO;
+        return -1;
+    }
+    cn_peer_nonce = nonce;
+
 
     const size_t clen = crypto_box_BOXZEROBYTES + (msg_->size () - 16);
 
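Review bot: `cn_peer_nonce = nonce;` is committed before the box is authenticated, so a frame that later fails the box open (outside this hunk) has already advanced the replay counter. Keep the `nonce <= cn_peer_nonce` rejection where it is, but move the assignment below the successful open so that only authenticated nonces update state. Whether a failed decode always closes the connection is not visible here; if it does not, one unauthenticated frame carrying a high nonce would cause every later genuine message to be rejected. The curve_server.cpp decode hunk has the same ordering, and the READY, HELLO and INITIATE hunks likewise store the peer nonce ahead of the box check.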
@@ -221,7 +230,7 @@
 
     //  Prepare the full nonce
     memcpy (hello_nonce, "CurveZMQHELLO---", 16);
-    memcpy (hello_nonce + 16, &cn_nonce, 8);
+    put_uint64 (hello_nonce + 16, cn_nonce);
 
     //  Create Box [64 * %x0](C'->S)
     memset (hello_plaintext, 0, sizeof hello_plaintext);
@@ -344,7 +353,7 @@
     const size_t mlen = ptr - initiate_plaintext;
 
     memcpy (initiate_nonce, "CurveZMQINITIATE", 16);
-    memcpy (initiate_nonce + 16, &cn_nonce, 8);
+    put_uint64 (initiate_nonce + 16, cn_nonce);
 
     rc = crypto_box (initiate_box, initiate_plaintext,
                      mlen, initiate_nonce, cn_server, cn_secret);
@@ -359,7 +368,7 @@
     //  Cookie provided by the server in the WELCOME command
     memcpy (initiate + 9, cn_cookie, 96);
     //  Short nonce, prefixed by "CurveZMQINITIATE"
-    memcpy (initiate + 105, &cn_nonce, 8);
+    memcpy (initiate + 105, initiate_nonce + 16, 8);
     //  Box [C + vouch + metadata](C'->S')
     memcpy (initiate + 113, initiate_box + crypto_box_BOXZEROBYTES,
             mlen - crypto_box_BOXZEROBYTES);
@@ -393,6 +402,7 @@
 
     memcpy (ready_nonce, "CurveZMQREADY---", 16);
     memcpy (ready_nonce + 16, ready + 6, 8);
+    cn_peer_nonce = get_uint64(msg_data + 6);
 
     int rc = crypto_box_open_afternm (ready_plaintext, ready_box,
                                       clen, ready_nonce, cn_precom);
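Review bot: The added line reads the nonce through `msg_data`, while the context line directly above reads the same bytes through `ready + 6`, and no `msg_data` appears anywhere in the hunk. Unless the enclosing function, which starts outside the hunk, declares `msg_data`, this will not compile against 4.0.4. `cn_peer_nonce = get_uint64 (ready + 6);` matches the surrounding code.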
diff -urN zeromq-4.0.4.old/src/curve_client.hpp zeromq-4.0.4/src/curve_client.hpp
--- zeromq-4.0.4.old/src/curve_client.hpp	2014-09-29 10:18:04.357648652 +0200
+++ zeromq-4.0.4/src/curve_client.hpp	2014-09-29 10:18:16.272648651 +0200
@@ -95,6 +95,7 @@
 
         //  Nonce
         uint64_t cn_nonce;
+        uint64_t cn_peer_nonce;
 
         int produce_hello (msg_t *msg_);
         int process_welcome (msg_t *msg_);
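Review bot: The new `cn_peer_nonce` member has no comment saying what it tracks, and the existing `//  Nonce` label above `cn_nonce` now reads as if it covers both fields. A line such as `//  Last short nonce accepted from the peer; incoming nonces must be strictly greater` would document the invariant the decode path enforces. The same comment fits the `cn_peer_nonce` member added in curve_server.hpp.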
diff -urN zeromq-4.0.4.old/src/curve_server.cpp zeromq-4.0.4/src/curve_server.cpp
--- zeromq-4.0.4.old/src/curve_server.cpp	2014-09-29 10:18:04.359648652 +0200
+++ zeromq-4.0.4/src/curve_server.cpp	2014-09-29 10:21:25.912648628 +0200
@@ -40,7 +40,8 @@
     peer_address (peer_address_),
     state (expect_hello),
     expecting_zap_reply (false),
-    cn_nonce (1)
+    cn_nonce (1),
+    cn_peer_nonce(1)
 {
     //  Fetch our secret key from socket options
     memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES);
@@ -114,7 +115,7 @@
 
     uint8_t message_nonce [crypto_box_NONCEBYTES];
     memcpy (message_nonce, "CurveZMQMESSAGES", 16);
-    memcpy (message_nonce + 16, &cn_nonce, 8);
+    put_uint64 (message_nonce + 16, cn_nonce);
 
     uint8_t flags = 0;
     if (msg_->flags () & msg_t::more)
@@ -144,7 +145,7 @@
     uint8_t *message = static_cast <uint8_t *> (msg_->data ());
 
     memcpy (message, "\x07MESSAGE", 8);
-    memcpy (message + 8, &cn_nonce, 8);
+    memcpy (message + 8, message_nonce + 16, 8);
     memcpy (message + 16, message_box + crypto_box_BOXZEROBYTES,
             mlen - crypto_box_BOXZEROBYTES);
 
@@ -174,6 +175,12 @@
     uint8_t message_nonce [crypto_box_NONCEBYTES];
     memcpy (message_nonce, "CurveZMQMESSAGEC", 16);
     memcpy (message_nonce + 16, message + 8, 8);
+    uint64_t nonce = get_uint64(message + 8);
+    if (nonce <= cn_peer_nonce) {
+        errno = EPROTO;
+        return -1;
+    }
+    cn_peer_nonce = nonce;
 
     const size_t clen = crypto_box_BOXZEROBYTES + msg_->size () - 16;
 
@@ -260,6 +267,7 @@
 
     memcpy (hello_nonce, "CurveZMQHELLO---", 16);
     memcpy (hello_nonce + 16, hello + 112, 8);
+    cn_peer_nonce = get_uint64(hello + 112);
 
     memset (hello_box, 0, crypto_box_BOXZEROBYTES);
     memcpy (hello_box + crypto_box_BOXZEROBYTES, hello + 120, 80);
@@ -388,6 +396,7 @@
 
     memcpy (initiate_nonce, "CurveZMQINITIATE", 16);
     memcpy (initiate_nonce + 16, initiate + 105, 8);
+    cn_peer_nonce = get_uint64(initiate + 105);
 
     rc = crypto_box_open (initiate_plaintext, initiate_box,
                           clen, initiate_nonce, cn_client, cn_secret);
@@ -469,7 +478,7 @@
     const size_t mlen = ptr - ready_plaintext;
 
     memcpy (ready_nonce, "CurveZMQREADY---", 16);
-    memcpy (ready_nonce + 16, &cn_nonce, 8);
+    put_uint64 (ready_nonce + 16, cn_nonce);
 
     int rc = crypto_box_afternm (ready_box, ready_plaintext,
                                  mlen, ready_nonce, cn_precom);
@@ -482,7 +491,7 @@
 
     memcpy (ready, "\x05READY", 6);
     //  Short nonce, prefixed by "CurveZMQREADY---"
-    memcpy (ready + 6, &cn_nonce, 8);
+    memcpy (ready + 6, ready_nonce + 16, 8);
     //  Box [metadata](S'->C')
     memcpy (ready + 14, ready_box + crypto_box_BOXZEROBYTES,
             mlen - crypto_box_BOXZEROBYTES);
diff -urN zeromq-4.0.4.old/src/curve_server.hpp zeromq-4.0.4/src/curve_server.hpp
--- zeromq-4.0.4.old/src/curve_server.hpp	2014-09-29 10:18:04.358648652 +0200
+++ zeromq-4.0.4/src/curve_server.hpp	2014-09-29 10:18:16.273648651 +0200
@@ -84,6 +84,7 @@
         bool expecting_zap_reply;
 
         uint64_t cn_nonce;
+        uint64_t cn_peer_nonce;
 
         //  Our secret key (s)
         uint8_t secret_key [crypto_box_SECRETKEYBYTES];