Full_Name: Jon Roose
Version: HEAD
OS: Linux
URL:
Submission from: (NULL) (68.134.180.197)

The b64_to_ab64 function within the pbkdf2 password module is incorrect. When str[0] == '+' this function fails to convert that first character to a '.'

The file in question is here: contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c and occurs at line 62 in the current version of the file.

This occurs because when you write while (*p++), it changes the pointer and skips over the first character of str. This needs to be replaced with a for loop such as:

    for(char* p = str; *p; p++)

This is a significant bug in this module, because it causes the hash algorithm to fail to be replicable by outside hash implementations 1 out of every 64 hashes on average.
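The loop behaviour described in the report above, as an added example that is not part of the original submission or the OpenLDAP source. It assumes the function only needs to replace '+' with '.', as the report states; the function names, helpers and sample strings are hypothetical and constructed for illustration. It shows that exactly one of the 64 possible leading base64 characters is handled differently by the two loops.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction of the reported loop, not the OpenLDAP source:
 * the post-increment moves p before the body runs, so str[0] is skipped. */
static void b64_to_ab64_buggy(char *str)
{
    char *p = str;
    while (*p++) {
        if (*p == '+') *p = '.';
    }
}

/* The loop the report proposes: test, run the body, then advance. */
static void b64_to_ab64_fixed(char *str)
{
    for (char *p = str; *p; p++) {
        if (*p == '+') *p = '.';
    }
}

/* Returns 1 if fn converts every '+' in a constructed sample string. */
static int converts_all_plus(void (*fn)(char *))
{
    char s[] = "+ab+cd";
    fn(s);
    return strchr(s, '+') == NULL;
}

/* Counts the leading base64 characters on which the two loops disagree. */
static int count_leading_char_mismatches(void)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    int mismatches = 0;
    for (size_t i = 0; i < 64; i++) {
        char a[] = "?ab+cd", b[] = "?ab+cd"; /* constructed sample tail */
        a[0] = b[0] = alphabet[i];
        b64_to_ab64_buggy(a);
        b64_to_ab64_fixed(b);
        mismatches += strcmp(a, b) != 0;
    }
    return mismatches;
}

int main(void)
{
    printf("mismatches: %d of 64\n", count_leading_char_mismatches());
    return 0;
}
```

A regression test for a transformation like this should include an input whose first character is the one being replaced, since inputs with '+' only in later positions pass with either loop.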
changed notes changed state Open to Test moved from Incoming to Contrib
--On Tuesday, July 17, 2018 5:35 AM +0000 jroose@gmail.com wrote:

> This is a significant bug in this module, because it causes the hash
> algorithm to fail to be replicable by outside hash implementations 1 out
> of every 64 hashes on average.

Thanks for the report. This is now fixed in git master:

- Log -----------------------------------------------------------------
commit d40a832db011985d6a6b787a88dd802b02d5d5dc
Author: Ondřej Kuzník <ondra@openldap.org>
Date:   Thu Nov 8 11:09:38 2018 +0000

    ITS#8878 Include the first character in the transformation
-----------------------------------------------------------------------

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
changed notes changed state Test to Release
Fixed in master
Fixed in RE24 (2.4.47)
changed notes changed state Release to Closed