ports/154207: security/p5-Crypt-RandPasswd: patch for method invocation bug in Crypt::RandPasswd->random_chars_in_range()

Matthew X. Economou xenophon+fbsdports at irtnog.org
Fri Jan 21 16:50:12 UTC 2011 

>Number:         154207
>Category:       ports
>Synopsis:       security/p5-Crypt-RandPasswd: patch for method invocation bug in Crypt::RandPasswd->random_chars_in_range()
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 21 16:50:12 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Matthew X. Economou
>Release:        FreeBSD/amd64 9-CURRENT
>Organization:
IRTNOG
>Environment:
FreeBSD lp-001c230aae10.irtnog.net 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Wed Jan 19 09:42:11 EST 2011     root at lp-001c230aae10.irtnog.net:/usr/obj/usr/src/sys/LP-001C230AAE10  amd64
>Description:
If an external caller invokes the the method Crypt::RandPasswd->random_chars_in_range(), Perl prepends the object name to the function's argument list.  This causes the local variables $minlen, $maxlen, $lo_char, and $hi_char to be set incorrectly ($minlen is set to the object name, $maxlen is set to what should have been the minimum length, $lo_char is set to what should have been the maximum length, and $hi_char is set to what should have been the first character in the given range), so that the method returns an incorrect result.

When random_chars_in_range() is called from within the module (e.g., by the letters() method), Perl does not modify the argument list, so the random_chars_in_range() method works as documented.
>How-To-Repeat:
These two commands should have an equivalent result (32 random lower-case letters):

perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->letters(32,32),"\n";'

perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->random_chars_in_range(32,32, "a" => "z"),"\n";'

However, the second command will result in a random string from zero to 32 characters long taken from the set ASCII code 32 (space) through the letter "a".
>Fix:
Apply this patch to the Crypt::RandPasswd sources, which in random_chars_in_range(), adds a check to the argument list length prior to parsing, and if it is greater than 4 items, shifts the list down by one:

--- Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm.orig  2011-01-20 15:12:21.305822700 -0500
+++ Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm       2011-01-21 10:55:30.872462500 -0500
@@ -1466,6 +1466,7 @@
 =cut

 sub random_chars_in_range($$$$) {
+     @_ > 4 and shift;
      my( $minlen, $maxlen, $lo_char, $hi_char ) = @_;

      $minlen <= $maxlen or die "minlen $minlen is greater than maxlen $maxlen";


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list