[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7490) Security weakness in sha2 password module

To: openldap-its@OpenLDAP.org
Subject: (ITS#7490) Security weakness in sha2 password module
From: mhardin@symas.com
Date: Fri, 11 Jan 2013 06:19:08 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Matthew Hardin
Version: 2.4.33+
OS: All
URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt
Submission from: (NULL) (69.43.206.100)


contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers and
zeros them out in several places using the following macro:

MEMSET_BZERO(context, sizeof(context))

The variable 'context' is a pointer to a context buffer, so sizeof will evaluate
to the size of a pointer for the particular platform. As a result, the context
buffer is only partially zeroed.

The correct invocation is:

MEMSET_BZERO(context, sizeof(*context))

which will zero out the complete context buffer.

The referenced diff details the changes to sha2.c that are necessary to correct
this issue.

Note this also cleans up warnings reported by MacOS's clang compiler.

I, Matthew Hardin, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.

Prev by Date: RE: (ITS#7434) idassert-bind fails after restarting slapd
Next by Date: (ITS#7491) mdb write bus error before adding 5 million keys
Index(es):
- Chronological
- Thread