authorColin Percival <cperciva@FreeBSD.org>2005-07-27 08:42:37 +0000
committerColin Percival <cperciva@FreeBSD.org>2005-07-27 08:42:37 +0000
commitbd990f48961543df4739ea3a212caf75ba16276d (patch)
treec137e4179f2c2b9127b248edccb71bd860f9319d
parentfb3ea4722593c7d785408fc5b79c16c7ad9ed01d (diff)
Correct a buffer overflow which can occur when decompressing a
carefully crafted deflated data stream. [1] Correct problems in the AES-XCBC-MAC IPsec authentication algorithm. [2] Submitted by: suz [2] Security: FreeBSD-SA-05:18.zlib [1], FreeBSD-SA-05:19.ipsec [2] Approved by: so (cperciva)
Notes
Notes: svn path=/releng/5.3/; revision=148439
-rw-r--r--UPDATING7
-rw-r--r--lib/libz/inftrees.h8
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/netinet6/ah_aesxcbcmac.c16
4 files changed, 21 insertions, 12 deletions
diff --git a/UPDATING b/UPDATING
index 6e0c83920f63..03ec85cea461 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,13 @@ Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running
portupgrade. Important recent entries: 20040724 (default X changes).
+20050727: p20 FreeBSD-SA-05:18.zlib, FreeBSD-SA-05:19.ipsec
+ Correct buffer overflow when handling certain deflated data
+ streams.
+
+ Correct errors in the implementation of the AES-XCBC-MAC IPsec
+ authentication algorithm.
+
20050720: p19 FreeBSD-SA-05:17.devfs
Correct devfs ruleset bypass.
diff --git a/lib/libz/inftrees.h b/lib/libz/inftrees.h
index 82d365a7e901..424af173560a 100644
--- a/lib/libz/inftrees.h
+++ b/lib/libz/inftrees.h
@@ -36,12 +36,12 @@ typedef struct {
*/
/* Maximum size of dynamic tree. The maximum found in a long but non-
- exhaustive search was 1004 code structures (850 for length/literals
- and 154 for distances, the latter actually the result of an
+ exhaustive search was 1444 code structures (852 for length/literals
+ and 592 for distances, the latter actually the result of an
exhaustive search). The true maximum is not known, but the value
below is more than safe. */
-#define ENOUGH 1440
-#define MAXD 154
+#define ENOUGH 2048
+#define MAXD 592
/* Type of code to build for inftable() */
typedef enum {
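Review bot: The comment above `ENOUGH` still rests the table size on a search it describes as non-exhaustive and then calls the value "more than safe", which is the same argument the old 1440/154 pair relied on. The code that consumes `ENOUGH` and `MAXD` is not part of this diff, so the comment should state the relationship that code depends on, for example `/* ENOUGH - MAXD must remain >= the largest length/literal table (852 observed); the table builder must reject input needing more, not trust this bound */`. If the table builder does not already check the used count against `ENOUGH` before writing, that check matters more than the new numbers.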
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index fb72dc227970..bedcffe14861 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="5.3"
-BRANCH="RELEASE-p19"
+BRANCH="RELEASE-p20"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/netinet6/ah_aesxcbcmac.c b/sys/netinet6/ah_aesxcbcmac.c
index 7c230e09f470..c5ffd7b6aed5 100644
--- a/sys/netinet6/ah_aesxcbcmac.c
+++ b/sys/netinet6/ah_aesxcbcmac.c
@@ -78,6 +78,7 @@ ah_aes_xcbc_mac_init(state, sav)
u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
aesxcbc_ctx *ctx;
+ u_int8_t k1[AES_BLOCKSIZE];
if (!state)
panic("ah_aes_xcbc_mac_init: what?");
@@ -93,14 +94,15 @@ ah_aes_xcbc_mac_init(state, sav)
if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks,
(char *)_KEYBUF(sav->key_auth), AES_BLOCKSIZE * 8)) == 0)
return -1;
- if (rijndaelKeySetupEnc(ctx->r_k1s, k1seed, AES_BLOCKSIZE * 8) == 0)
+ rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
+ rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
+ rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
+ if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
return -1;
- if (rijndaelKeySetupEnc(ctx->r_k2s, k2seed, AES_BLOCKSIZE * 8) == 0)
+ if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
return -1;
- if (rijndaelKeySetupEnc(ctx->r_k3s, k3seed, AES_BLOCKSIZE * 8) == 0)
+ if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
return -1;
- rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
- rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
return 0;
}
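Review bot: `k1` holds a derived AES-XCBC-MAC subkey on the kernel stack and is never cleared, neither before `return 0;` nor on the `return -1` paths that follow its computation. The same applies to the pre-existing `r_ks` schedule built from the SA key. Clearing both once the three schedules are set up, `bzero(k1, sizeof(k1)); bzero(r_ks, sizeof(r_ks));`, keeps key material from lingering in stack memory after the function returns. The declaration of `k1` is in the previous hunk and the function begins outside both hunks.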
@@ -151,8 +153,8 @@ ah_aes_xcbc_mac_loop(state, addr, len)
addr += AES_BLOCKSIZE;
}
if (addr < ep) {
- bcopy(addr, ctx->buf, ep - addr);
- ctx->buflen = ep - addr;
+ bcopy(addr, ctx->buf + ctx->buflen, ep - addr);
+ ctx->buflen += ep - addr;
}
}
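Review bot: The append `bcopy(addr, ctx->buf + ctx->buflen, ep - addr)` has no visible bound, since nothing in this hunk shows that `ctx->buflen + (ep - addr)` stays within `ctx->buf`. The earlier part of ah_aes_xcbc_mac_loop, which lies outside the hunk, presumably leaves `ctx->buflen` small enough by this point, but that cannot be confirmed from here. Because the write offset now comes from context state, the invariant should be checked where it is relied on, e.g. `KASSERT(ctx->buflen + (ep - addr) <= sizeof(ctx->buf), ("ah_aes_xcbc_mac_loop: buf overrun"));` placed before the copy.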