[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7851) [PATCH] buffer overrun in password checkers with malformed hash
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7851) [PATCH] buffer overrun in password checkers with malformed hash
- From: ryan@nardis.ca
- Date: Fri, 27 Jun 2014 02:18:13 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
This is a multi-part message in MIME format.
--------------070104060109070008020807
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
I checked the new pw-pbkdf2 module. It doesn't appear to be affected by
this problem.
On 11/05/14 07:56 PM, Ryan Tandy wrote:
> ftp://ftp.openldap.org/incoming/rtandy_20140511_fix-passwd-b64-buffer_v2.patch
You probably know this, but just in case it helps: "git am --keep-cr" is
the way to apply that patch, because of apr1.c's line endings.
There's a second bug in slapd-sha2.c, a missing cast causing the return
value of lutil_b64_pton to be ignored. The built-in checkers already
have the appropriate cast. Patch attached.
--------------070104060109070008020807
Content-Type: text/x-patch;
name="0002-ITS-7851-contrib-pw-sha2-fix-int-size_t-comparison.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename*0="0002-ITS-7851-contrib-pw-sha2-fix-int-size_t-comparison.patc";
filename*1="h"
>From 0683ded766e51e0521991fc1a5d2303cf95cc475 Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan@nardis.ca>
Date: Thu, 26 Jun 2014 18:33:29 -0700
Subject: [PATCH 2/2] ITS#7851 contrib pw-sha2 fix int/size_t comparison
---
contrib/slapd-modules/passwd/sha2/slapd-sha2.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
index 1ec7989..2e4fcb0 100644
--- a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
+++ b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
@@ -244,7 +244,7 @@ static int chk_ssha256(
rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
- if( rc <= sizeof(SHAdigest) ) {
+ if( rc <= (int)(sizeof(SHAdigest)) ) {
ber_memfree(orig_pass);
return LUTIL_PASSWD_ERR;
}
@@ -332,7 +332,7 @@ static int chk_ssha384(
rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
- if( rc <= sizeof(SHAdigest) ) {
+ if( rc <= (int)(sizeof(SHAdigest)) ) {
ber_memfree(orig_pass);
return LUTIL_PASSWD_ERR;
}
@@ -420,7 +420,7 @@ static int chk_ssha512(
rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
- if( rc <= sizeof(SHAdigest) ) {
+ if( rc <= (int)(sizeof(SHAdigest)) ) {
ber_memfree(orig_pass);
return LUTIL_PASSWD_ERR;
}
--
2.0.0
--------------070104060109070008020807--