(ITS#7490) Security weakness in sha2 password module

Full_Name: Matthew Hardin
Version: 2.4.33+
OS: All
URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt
Submission from: (NULL) (

contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers and
zeros them out in several places using the following macro:

MEMSET_BZERO(context, sizeof(context))

The variable 'context' is a pointer to a context buffer, so sizeof will evaluate
to the size of a pointer for the particular platform. As a result, the context
buffer is only partially zeroed.

The correct invocation is:

MEMSET_BZERO(context, sizeof(*context))

which will zero out the complete context buffer.

The referenced diff details the changes to sha2.c that are necessary to correct
this issue.

Note this also cleans up warnings reported by MacOS's clang compiler.

I, Matthew Hardin, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
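
The effect described in the report can be measured directly. The following is an added example, not part of the original submission or of OpenLDAP's sha2.c: demo_ctx is a hypothetical stand-in for the module's context type, the 0xAA fill is constructed sample data standing in for sensitive hash state, and the MEMSET_BZERO definition is assumed to be a plain memset wrapper.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the module's macro is a thin wrapper around memset. */
#define MEMSET_BZERO(p, l) memset((p), 0, (l))

/* Hypothetical stand-in for a hash context holding sensitive state. */
typedef struct {
    uint32_t state[8];
    uint64_t bitcount;
    uint8_t  buffer[64];
} demo_ctx;

/* Pattern from the report: sizeof applied to the pointer itself.
 * The length is taken in its own statement so the block builds cleanly
 * where -Wsizeof-pointer-memaccess would flag the one-line form. */
static void wipe_buggy(demo_ctx *context)
{
    size_t len = sizeof(context);   /* 4 or 8 bytes: size of a pointer */
    MEMSET_BZERO(context, len);
}

/* Corrected form: sizeof applied to the object the pointer refers to. */
static void wipe_fixed(demo_ctx *context)
{
    MEMSET_BZERO(context, sizeof(*context));
}

/* Fill a context with constructed non-zero data, wipe it, and return
 * the number of bytes that still hold data afterwards. */
static size_t residue_after(int use_fixed)
{
    demo_ctx ctx;
    const unsigned char *p = (const unsigned char *)&ctx;
    size_t i, left = 0;

    memset(&ctx, 0xAA, sizeof(ctx));
    if (use_fixed) wipe_fixed(&ctx); else wipe_buggy(&ctx);
    for (i = 0; i < sizeof(ctx); i++)
        if (p[i] != 0) left++;
    return left;
}

int main(void)
{
    printf("context size:          %zu bytes\n", sizeof(demo_ctx));
    printf("left after buggy wipe: %zu bytes\n", residue_after(0));
    printf("left after fixed wipe: %zu bytes\n", residue_after(1));
    return 0;
}
```
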