OpenLDAP

Viewing Software Bugs/7490
Date: Fri, 11 Jan 2013 06:19:08 +0000
From: mhardin@symas.com
To: openldap-its@OpenLDAP.org
Subject: Security weakness in sha2 password module
Full_Name: Matthew Hardin
Version: 2.4.33+
OS: All
URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt
Submission from: (NULL) (69.43.206.100)


contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers and
zeros them out in several places using the following macro:

MEMSET_BZERO(context, sizeof(context))

The variable 'context' is a pointer to a context buffer, so sizeof will evaluate
to the size of a pointer for the particular platform. As a result, the context
buffer is only partially zeroed.

The correct invocation is:

MEMSET_BZERO(context, sizeof(*context))

which will zero out the complete context buffer.

The referenced diff details the changes to sha2.c that are necessary to correct
this issue.

Note this also cleans up warnings reported by MacOS's clang compiler.

I, Matthew Hardin, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
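The following program is an added illustration of the defect the report describes; it is not code from sha2.c or from the reporter's diff. It uses a constructed stand-in for the hashing context (the field layout is an assumption, not the module's real SHA256_CTX) and assumes MEMSET_BZERO expands to a plain memset to zero. The defective length is computed into a variable first because the literal form MEMSET_BZERO(context, sizeof(context)) is exactly what clang and gcc flag with -Wsizeof-pointer-memaccess, which is the warning the report alludes to and a cheap way to detect this class of bug in a code base; the program shows the runtime effect of the two invocations by counting how many bytes of the context survive each one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a SHA-2 hashing context. The layout is an
 * assumption for illustration only, not the module's real SHA256_CTX. */
typedef struct {
    uint32_t state[8];
    uint64_t bitcount;
    uint8_t  buffer[64];
} sha2_ctx_t;

/* Assumed expansion of the module's macro: memset to zero. */
#define MEMSET_BZERO(p, l) memset((p), 0, (l))

/* Fill a context with a recognisable non-zero pattern, standing in for
 * hash state derived from a password (constructed data). */
static void fill_context(sha2_ctx_t *ctx) {
    memset(ctx, 0xAA, sizeof(*ctx));
}

/* Count how many bytes of the context are still non-zero. */
static size_t nonzero_bytes(const sha2_ctx_t *ctx) {
    const unsigned char *p = (const unsigned char *)ctx;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*ctx); i++)
        if (p[i] != 0)
            n++;
    return n;
}

/* The defective pattern: 'context' is a pointer, so sizeof(context) is the
 * pointer size (4 or 8 bytes), and only that many bytes get zeroed. */
size_t leftover_after_wrong_zero(void) {
    sha2_ctx_t storage;
    sha2_ctx_t *context = &storage;
    fill_context(context);
    size_t wrong_len = sizeof(context);   /* what sizeof(context) yields */
    MEMSET_BZERO(context, wrong_len);
    return nonzero_bytes(context);        /* most of the struct survives */
}

/* The corrected pattern from the report: sizeof(*context) is the size of
 * the pointed-to struct, so the whole buffer is cleared. */
size_t leftover_after_correct_zero(void) {
    sha2_ctx_t storage;
    sha2_ctx_t *context = &storage;
    fill_context(context);
    MEMSET_BZERO(context, sizeof(*context));
    return nonzero_bytes(context);        /* 0 */
}

int main(void) {
    printf("context size %zu bytes, pointer size %zu bytes\n",
           sizeof(sha2_ctx_t), sizeof(sha2_ctx_t *));
    printf("bytes left non-zero with sizeof(context):  %zu\n",
           leftover_after_wrong_zero());
    printf("bytes left non-zero with sizeof(*context): %zu\n",
           leftover_after_correct_zero());
    return 0;
}
```

On a 64-bit platform the defective call leaves all but the first 8 bytes of the context intact, so password-derived hash state stays in memory after the module believes it has been scrubbed. Two practical notes: build with -Wall (or clang's defaults) so the sizeof-on-pointer form is reported at compile time, and keep in mind that a plain memset on a buffer that is never read again may be removed by the optimizer, so zeroing routines intended for secrets are better served by an explicit variant such as explicit_bzero or memset_s where available.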

Followup 1

Date: Tue, 15 Jan 2013 16:58:53 -0800
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: mhardin@symas.com, openldap-its@openldap.org
Subject: Re: (ITS#7490) Security weakness in sha2 password module
--On Friday, January 11, 2013 6:19 AM +0000 mhardin@symas.com wrote:

> Full_Name: Matthew Hardin
> Version: 2.4.33+
> OS: All
> URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt
> Submission from: (NULL) (69.43.206.100)
>
>
> contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers
> and zeros them out in several places using the following macro:
>
> MEMSET_BZERO(context, sizeof(context))
>
> The variable 'context' is a pointer to a context buffer, so sizeof will
> evaluate to the size of a pointer for the particular platform. As a
> result, the context buffer is only partially zeroed.
>
> The correct invocation is:
>
> MEMSET_BZERO(context, sizeof(*context))
>
> which will zero out the complete context buffer.
>
> The referenced diff details the changes to sha2.c that are necessary to
> correct this issue.
>
> Note this also cleans up warnings reported by MacOS's clang compiler.
>
> I, Matthew Hardin, hereby place the following modifications to OpenLDAP
> Software (and only these modifications) into the public domain. Hence,
> these modifications may be freely used and/or redistributed for any
> purpose with or without attribution and/or other notice.

Can you resubmit the patch using git-format-patch?  Or at least using 
unified diff format? ;)

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration


© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org