bin/132302: [patch] contrib/smbfs subr.c: saved passwords >18 char fail

David Horn dhorn2000 at gmail.com
Wed Mar 4 01:10:02 PST 2009


>Number:         132302
>Category:       bin
>Synopsis:       [patch] contrib/smbfs subr.c: saved passwords >18 char fail
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 04 09:10:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     David Horn
>Release:        -current as of 20090304
>Organization:
>Environment:
FreeBSD top-bsd 8.0-CURRENT FreeBSD 8.0-CURRENT #2: Thu Feb 26 03:23:18 EST 2009     dhorn at top-bsd:/usr/obj/usr/src/sys/DHORN  i386

>Description:
If a user has a saved password (encrypted using `smbutil crypt`) for smbfs that is longer than 18 characters, the smb_simplecrypt() and smb_simpledecrypt() functions will not work properly, causing authentication failures.

e.g. 

/etc/nsmb.conf
[SERVER:USER]
password=$$178465324253e0c07f5f6fcc8d0a3b3bc8d8d131212


/usr/src/contrib/smbfs/lib/smb/subr.c

>How-To-Repeat:
1) Have a samba server
2) Have an account on samba server that has a long password (>18 characters)
3) Create your simple encrypted password using `smbutil crypt` for use in nsmb.conf
4) Save your password into ~/nsmb.conf or /etc/nsmb.conf under the appropriate [SERVER:USER] heading.

>Fix:
-Don't try to bitwise xor with >=255. 

This patch maintains backwards compatibility with people who already use nsmb.conf with shorter (<=17 char) passwords successfully.

Unified diff patch attached.  

Patch attached with submission follows:

--- subr.c~	2001-12-20 11:16:25.000000000 -0500
+++ subr.c	2009-03-04 03:29:07.000000000 -0500
@@ -232,6 +232,7 @@
 			  islower(ch) ? ('a' + (ch - 'a' + 13) % 26) : ch);
 		ch ^= pos;
 		pos += 13;
+		if (pos > 248) pos -= 220;
 		sprintf(dst, "%02x", ch);
 		dst += 2;
 	}
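Review bot: The added line `if (pos > 248) pos -= 220;` introduces two unexplained constants and puts the statement on the same line as the `if`. Please add a comment stating the invariant it protects: `ch ^ pos` has to fit in the two hex digits that `sprintf(dst, "%02x", ch)` is expected to produce, since `dst` only advances by 2. `%02x` is a minimum width, not a maximum, so this wrap is the only thing keeping each character to two digits. Putting `pos -= 220;` on its own line would match the surrounding code.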
@@ -262,6 +263,7 @@
 			return EINVAL;
 		ch ^= pos;
 		pos += 13;
+		if (pos > 248) pos -= 220;
 		if (isascii(ch))
 		    ch = (isupper(ch) ? ('A' + (ch - 'A' + 13) % 26) :
 			  islower(ch) ? ('a' + (ch - 'a' + 13) % 26) : ch);
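Review bot: The wrap after `pos += 13;` here is a verbatim copy of the line added to the encode loop, and the two must stay identical or stored passwords stop decoding. Consider moving the key update into one shared helper or macro used by both functions. The initial value of `pos` is outside the context of both hunks, so the compatibility claim in the Fix section cannot be checked from the diff alone; a comment naming the character index at which the wrap first triggers would let a reader verify it.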


>Release-Note:
>Audit-Trail:
>Unformatted:
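The failure described in this report can be reproduced with a stand-alone model of the two loops shown in the patch. This is an added example, not code from the PR or from subr.c: the starting value 27 for `pos`, the helper names and the `wrap` flag are assumptions, and the `$$1` prefix seen in the nsmb.conf example is omitted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POS_START 27	/* assumption: initial pos, not visible in the hunks */

static int rot13(int ch) {
	if (ch >= 'A' && ch <= 'Z') return 'A' + (ch - 'A' + 13) % 26;
	if (ch >= 'a' && ch <= 'z') return 'a' + (ch - 'a' + 13) % 26;
	return ch;
}

/* Encode loop; wrap=1 adds the patch's "if (pos > 248) pos -= 220;" */
static void enc(char *dst, const char *src, int wrap) {
	int ch, pos = POS_START;
	while (*src) {
		ch = rot13((unsigned char)*src++) ^ pos;
		pos += 13;
		if (wrap && pos > 248)
			pos -= 220;
		sprintf(dst, "%02x", ch);	/* emits 3 digits once ch > 0xff */
		dst += 2;			/* ...but only 2 are kept */
	}
	*dst = 0;
}

/* Decode loop: two hex digits per character, same key schedule */
static void dec(char *dst, const char *src, int wrap) {
	char hex[3] = {0};
	int ch, pos = POS_START;
	for (; src[0] && src[1]; src += 2) {
		hex[0] = src[0]; hex[1] = src[1];
		ch = (int)strtoul(hex, NULL, 16) ^ pos;
		pos += 13;
		if (wrap && pos > 248)
			pos -= 220;
		*dst++ = (char)rot13(ch);
	}
	*dst = 0;
}

/* 1 if decode(encode(pw)) == pw; pw is limited to 200 bytes (model only) */
int roundtrip_ok(const char *pw, int wrap) {
	char hexbuf[512], out[256];
	if (strlen(pw) > 200) return 0;
	enc(hexbuf, pw, wrap);
	dec(out, hexbuf, wrap);
	return strcmp(out, pw) == 0;
}
```

Under the assumed starting value, `roundtrip_ok()` with `wrap` set to 0 succeeds for an 18-character password and fails for a 19-character one; with `wrap` set to 1 both succeed.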

