[Date Prev][Date Next] [Chronological] [Thread] [Top]

bug in NS-MTA-MD5 hash checking (ITS#2662)



Full_Name: Daniel J. Popowich
Version: 2.1.22
OS: linux (RedHat 9)
URL: 
Submission from: (NULL) (24.91.180.225)


When compiling 2.1.22 I turned on the macro SLAPD_NS_MTA_MD5 in
libraries/liblutil/passwd.c so I could have users authenticate
with passwords migrated from an old Netscape mail server.  Even
with the macro turned on I kept getting errors with authentication
(e.g., when using ldapmodify I would get the error: ldap_bind: 
Invalid credentials (49)).

I eventually traced the problem to code in the function chk_ns_mta_md5
(in libraries/liblutil/passwd.c).  The variable 'buffer' is being
sized wrong such that when a memcmp is done at the end of the function
the wrong data is being compared because the number of bytes to
be compared is based on sizeof(buffer).

The declaration:

    	char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES + 1];

should be changed to:	

        char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES];