alpine 3.7
crypto weakness #266

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

xtables-addons-hardened/src/xtables-addons-2.12/extensions/pknock/xt_pknock.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 crypto weakness.

 	msg.peer_ip = peer->ip;
	scnprintf(msg.rule_name, info->rule_name_len + 1, info->rule_name);

	memcpy(m + 1, &msg, m->len);

#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 15, 0)
	cn_netlink_send(m, 0, multicast_group, GFP_ATOMIC);
#else
	cn_netlink_send(m, multicast_group, GFP_ATOMIC);
#endif

	kfree(m);
#endif
	return true;
}

/**
 * Transforms a sequence of characters to hexadecimal.
 *
 * @out: the hexadecimal result
 * @crypt: the original sequence
 * @size
 */
static void
crypt_to_hex(char *out, const char *crypt, unsigned int size)
{
	unsigned int i;
	for (i = 0; i < size; ++i) {
		unsigned char c = crypt[i];
		*out++ = '0' + ((c&0xf0)>>4) + (c>=0xa0)*('a'-'9'-1);
		*out++ = '0' + (c&0x0f) + ((c&0x0f)>=0x0a)*('a'-'9'-1);
	}
}

/**
 * Checks that the payload has the hmac(secret+ipsrc+epoch_min).
 *
 * @secret
 * @secret_len
 * @ipsrc
 * @payload
 * @payload_len
 * @return: 1 success, 0 failure
 */
static bool
has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
    const unsigned char *payload, unsigned int payload_len)
{
	char result[64]; // 64 bytes * 8 = 512 bits
	char *hexresult; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.