[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7851) [PATCH] buffer overrun in password checkers with malformed hash
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7851) [PATCH] buffer overrun in password checkers with malformed hash
- From: hyc@symas.com
- Date: Fri, 18 Jul 2014 16:45:09 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
ryan@nardis.ca wrote:
> This is a multi-part message in MIME format.
> --------------070104060109070008020807
> Content-Type: text/plain; charset=UTF-8; format=flowed
> Content-Transfer-Encoding: 7bit
>
> I checked the new pw-pbkdf2 module. It doesn't appear to be affected by
> this problem.
Thanks, all committed to master.
>
> On 11/05/14 07:56 PM, Ryan Tandy wrote:
>> ftp://ftp.openldap.org/incoming/rtandy_20140511_fix-passwd-b64-buffer_v2.patch
>
> You probably know this, but just in case it helps: "git am --keep-cr" is
> the way to apply that patch, because of apr1.c's line endings.
>
> There's a second bug in slapd-sha2.c, a missing cast causing the return
> value of lutil_b64_pton to be ignored. The built-in checkers already
> have the appropriate cast. Patch attached.
>
> --------------070104060109070008020807
> Content-Type: text/x-patch;
> name="0002-ITS-7851-contrib-pw-sha2-fix-int-size_t-comparison.patch"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
> filename*0="0002-ITS-7851-contrib-pw-sha2-fix-int-size_t-comparison.patc";
> filename*1="h"
>
>>From 0683ded766e51e0521991fc1a5d2303cf95cc475 Mon Sep 17 00:00:00 2001
> From: Ryan Tandy <ryan@nardis.ca>
> Date: Thu, 26 Jun 2014 18:33:29 -0700
> Subject: [PATCH 2/2] ITS#7851 contrib pw-sha2 fix int/size_t comparison
>
> ---
> contrib/slapd-modules/passwd/sha2/slapd-sha2.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
> index 1ec7989..2e4fcb0 100644
> --- a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
> +++ b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
> @@ -244,7 +244,7 @@ static int chk_ssha256(
>
> rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
>
> - if( rc <= sizeof(SHAdigest) ) {
> + if( rc <= (int)(sizeof(SHAdigest)) ) {
> ber_memfree(orig_pass);
> return LUTIL_PASSWD_ERR;
> }
> @@ -332,7 +332,7 @@ static int chk_ssha384(
>
> rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
>
> - if( rc <= sizeof(SHAdigest) ) {
> + if( rc <= (int)(sizeof(SHAdigest)) ) {
> ber_memfree(orig_pass);
> return LUTIL_PASSWD_ERR;
> }
> @@ -420,7 +420,7 @@ static int chk_ssha512(
>
> rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
>
> - if( rc <= sizeof(SHAdigest) ) {
> + if( rc <= (int)(sizeof(SHAdigest)) ) {
> ber_memfree(orig_pass);
> return LUTIL_PASSWD_ERR;
> }
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/