Software Bugs/7490
Notes: Fixed in master, Fixed in RE24
Date: Fri, 11 Jan 2013 06:19:08 +0000
From: mhardin@symas.com
To: openldap-its@OpenLDAP.org
Subject: Security weakness in sha2 password module

Full_Name: Matthew Hardin
Version: 2.4.33+
OS: All
URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt
Submission from: (NULL) (69.43.206.100)

contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers and zeros them out in several places using the following macro:

    MEMSET_BZERO(context, sizeof(context))

The variable 'context' is a pointer to a context buffer, so sizeof will evaluate to the size of a pointer for the particular platform. As a result, the context buffer is only partially zeroed.

The correct invocation is:

    MEMSET_BZERO(context, sizeof(*context))

which will zero out the complete context buffer.

The referenced diff details the changes to sha2.c that are necessary to correct this issue.

Note this also cleans up warnings reported by MacOS's clang compiler.

I, Matthew Hardin, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
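The difference between the two invocations in the report above, as an added example that is not code from sha2.c or from the referenced diff. demo_ctx is a hypothetical stand-in for the context structure, the MEMSET_BZERO definition is an assumption, and the 0xA5 fill simulates leftover hash state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed definition of the macro named in the report. */
#define MEMSET_BZERO(p, l) memset((p), 0, (l))

/* Hypothetical stand-in for a SHA-2 context (layout is an assumption). */
typedef struct {
    uint32_t state[8];
    uint64_t bitcount;
    uint8_t  buffer[64];
} demo_ctx;

/* GCC and clang flag the buggy call below with -Wsizeof-pointer-memaccess;
 * silenced here so the demonstration builds even under -Werror. */
#pragma GCC diagnostic ignored "-Wsizeof-pointer-memaccess"

/* Count bytes of the context that still hold non-zero data. */
static size_t residue(const demo_ctx *context) {
    const unsigned char *p = (const unsigned char *)context;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*context); i++)
        n += (p[i] != 0);
    return n;
}

/* Wipe as reported: sizeof(context) is the size of a pointer. */
size_t wipe_buggy(void) {
    demo_ctx ctx, *context = &ctx;
    memset(context, 0xA5, sizeof(*context)); /* simulated hash state */
    MEMSET_BZERO(context, sizeof(context));
    return residue(context);
}

/* Wipe as corrected: sizeof(*context) is the size of the whole structure. */
size_t wipe_fixed(void) {
    demo_ctx ctx, *context = &ctx;
    memset(context, 0xA5, sizeof(*context)); /* simulated hash state */
    MEMSET_BZERO(context, sizeof(*context));
    return residue(context);
}

int main(void) {
    printf("buggy wipe leaves %zu of %zu bytes; fixed wipe leaves %zu\n",
           wipe_buggy(), sizeof(demo_ctx), wipe_fixed());
    return 0;
}
```

The buggy wipe clears only the first sizeof(demo_ctx *) bytes, so everything after that in the structure survives; building with -Wsizeof-pointer-memaccess enabled reports this pattern at compile time.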
Date: Tue, 15 Jan 2013 16:58:53 -0800
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: mhardin@symas.com, openldap-its@openldap.org
Subject: Re: (ITS#7490) Security weakness in sha2 password module

--On Friday, January 11, 2013 6:19 AM +0000 mhardin@symas.com wrote:

> Full_Name: Matthew Hardin
> Version: 2.4.33+
> OS: All
> URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt
> Submission from: (NULL) (69.43.206.100)
>
>
> contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers
> and zeros them out in several places using the following macro:
>
> MEMSET_BZERO(context, sizeof(context))
>
> The variable 'context' is a pointer to a context buffer, so sizeof will
> evaluate to the size of a pointer for the particular platform. As a
> result, the context buffer is only partially zeroed.
>
> The correct invocation is:
>
> MEMSET_BZERO(context, sizeof(*context))
>
> which will zero out the complete context buffer.
>
> The referenced diff details the changes to sha2.c that are necessary to
> correct this issue.
>
> Note this also cleans up warnings reported by MacOS's clang compiler.
>
> I, Matthew Hardin, hereby place the following modifications to OpenLDAP
> Software (and only these modifications) into the public domain. Hence,
> these modifications may be freely used and/or redistributed for any
> purpose with or without attribution and/or other notice.

Can you resubmit the patch using git-format-patch? Or at least using unified diff format? ;)

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration