Bug in Crypt::ECB perl module

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Bug in Crypt::ECB perl module
From: "Bennett R. Samowich" <brs@xxxxxxxxxxxxx>
Date: Fri, 17 Dec 2004 10:08:10 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcTkSjXsXRQaKgMGQqqOR6qZrqzRKw==
Thread-topic: Bug in Crypt::ECB perl module

There is a bug in the Crypt::ECB module that affects the way it processes 
blocks of data.  It appears that Crypt::ECB incorrectly processes the last 
block of data if it contains a singe ASCII "0".  This has been tested using the 
Blowfish, Rijndael, TripleDES, DES, and IDEA algorithms.  Below is some 
proof-of-concept code to demonstrate the problem.  The problem is produced 
where the plain-text data length is one more than ((n % 8) == 0).  I have not 
tested the Crypt::CFB or Crypt::OFB modules which I believe are based on the 
Crypt::ECB module.

Plain-text data examples:
        0
        123456780
        abcdefgh0
        12345678123456780
        ABCDEFGHabcdefgh0
        1234567812345678123456780
        ABCDEFGHabcdefgh123456780
        ... and so on...

Included below is a patch that corrects the problem in the Crypt::ECB module.  
I have attempted to contact the author, however, the email address in the 
module appears to be dead.  I have also posted this problem on one of the CPAN 
bug sites.

I don't believe there is a security vulnerability here other than mechanisms 
that use the Crypt::ECB module to encode passwords will produce incorrect 
results with specific plain-text data sets.   Um... I guess that is a security 
vulnerability in that there would be colliding passwords.

Thanks
- Bennett


Proof-of-Concept code:
   #!/usr/local/bin/perl

   use Crypt::ECB;

   my $cipher = "Blowfish";
   my $key    = "pb25YTt7d5b55711fd50bffcec4058d3e6c86bfc4c796bec2249b447";
   my $plain  = "12345678123456780";

   my $crypt = Crypt::ECB->new;

   $crypt->padding(PADDING_AUTO);
   $crypt->cipher($cipher) or die $crypt->errstring;
   $crypt->key($key);

   printf "Plain     = '%s'\n", $plain;

   my $enc = $crypt->encrypt_hex($plain);
   printf "Encrypted = '%s'\n", $enc;

   my $dec = $crypt->decrypt_hex($enc);
   printf "Decrypted = '%s'\n", $dec;


Patch:
### 
### Diff for ECB fix (output from diff -u)
###
### Test Data:
###             Plain: ILlW1nr30
###             Key:     
pb25YTt7d5b55711fd50bffcec4058d3e6c86bfc4c796bec2249b447
###             Pad:     AUTO
###
--- ECB.pm      2000-12-23 13:16:38.000000000 -0500
+++ ECB2.pm     2004-12-06 12:45:23.000000000 -0500
@@ -1,4 +1,4 @@
-package Crypt::ECB;
+package Crypt::ECB2;

 # Copyright (C) 2000  Christoph Appel, cappel@xxxxxxxxx
 #  see documentation for details
@@ -274,7 +274,7 @@
     $crypt->{Mode}   = '';
     $crypt->{buffer} = '';

-    return '' unless $data;
+    return '' unless length($data) > 0;

     my $cipher = $crypt->_getcipher;

Prev by Date: [SECURITY] [DSA 610-1] New cscope packages fix insecure temporary file creation
Next by Date: Re: *nix data wipe tools
Previous by thread: [SECURITY] [DSA 610-1] New cscope packages fix insecure temporary file creation
Next by thread: [ GLSA 200412-13 ] Samba: Integer overflow
Index(es):
- Date
- Thread