Kusagadzikana (CVE-3-2022) kwaonekwa mukuitwa kweSHA-37454 (Keccak) cryptographic hash basa rinopihwa muXKCP package (eXtended Keccak Code Package), iyo inogona kutungamira mukufashukira kwebuffer panguva yekugadzirisa zvimwe. data yakarongwa. Dambudziko rinokonzerwa nebug mune kodhi yekumisikidzwa kweSHA-3, uye kwete nekusagadzikana mune algorithm pachayo. Iyo XKCP package inotaridzwa sekushandiswa zviri pamutemo kweSHA-3, yakagadziridzwa nerubatsiro kubva kuboka rekusimudzira Keccak, uye inoshandiswa sehwaro hwemabasa eSHA-3 mumitauro yakasiyana-siyana yekuronga (semuenzaniso, XKCP kodhi inoshandiswa muPython hahlib. module, iyo Ruby digest package sha3 uye PHP hash_* mabasa).
Sekureva kwemuongorori akaziva dambudziko, akakwanisa kushandisa kusagadzikana kutyora cryptographic zvimiro zvehashi basa uye kuwana yekutanga neyechipiri preimages, pamwe nekuona kudhumhana. Pamusoro pezvo, zvakaziviswa kuti prototype exploit yaizogadzirwa iyo yaizobvumira kodhi kuti iitwe pakuverenga hashi yefaira rakagadzirwa. Kusagadzikana kunogonawo kushandiswa kurwisa dhijitari siginecha verification algorithms inoshandisa SHA-3 (semuenzaniso, Ed448). Tsanangudzo dzenzira dzekurwisa dzakarongwa kuti dzibudiswe gare gare, mushure mekusagadzikana kwabviswa kwese.
Izvo hazvisati zvanyatsojeka kuti kusagadzikana kwakawanda kunokanganisa zvikumbiro zviripo mukuita, sezvo kuti dambudziko rizviratidze mune kodhi, cyclic hash kuverenga mumabhuroko kunofanirwa kushandiswa uye imwe yemabhuraki akagadziriswa anofanira kunge ari 4 GB muhukuru (zvishoma. 2^32 - 200 bytes). Paunenge uchigadzirisa iyo data yekuisa kamwechete (pasina sequentially kuverenga hashi muzvikamu), dambudziko harioneki. Senzira yakapusa yekudzivirira, inokurudzirwa kudzikamisa saizi yakakura yedata inobatanidzwa mune imwe iteration yekuverenga hashi.
Kusagadzikana kunokonzerwa nekukanganisa mukugadziriswa kweblock yedata rekuisa. Nekuda kwekuenzanisa kusiriko kwehunhu nerudzi rwe "int", saizi isiriyo yedata yakamirira inotarwa, izvo zvinotungamira kumuswe kunyorwa kupfuura iyo yakagoverwa buffer. Kunyanya, kuenzanisa kwakashandisa izwi rekuti "partialBlock + example->byteIOIndex", izvo zvakatungamira mukufashukira kwehukuru hukuru hwezvikamu zvinomiririra. Pamusoro pezvo, pakanga paine mhando isiriyo yakakandwa "(unsigned int)(dataByteLen - i)" mukodhi, izvo zvakakonzera kufashukira pamasystem ane 64-bit size_t type.
Muenzaniso kodhi inokonzeresa kufashukira: import hahlib h = hahlib.sha3_224() m1 = b"\x00" * 1; m2 = b"\x00β³ * 4294967295; h.update(m1) h.update(m2) kudhinda(h.hexdigest())
Source: opennet.ru