[Bug 191511] opiepasswd(1) segfaults with a seed length > 12
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 18 02:14:39 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191511
--- Comment #2 from commit-hook at freebsd.org ---
A commit references this bug:
Author: ache
Date: Mon Aug 18 02:13:46 UTC 2014
New revision: 270120
URL: http://svnweb.freebsd.org/changeset/base/270120
Log:
MFC: r269806,r269809,r269811,r269810
r269806:
Fix too long (seed length >12 chars) challenge handling.
1) " ext" length should be included into OPIE_CHALLENGE_MAX (as all places
of opie code expects that).
2) Overflow check in challenge.c is off by 1 even with corrected
OPIE_CHALLENGE_MAX
3) When fallback to randomchallenge() happens and rval is 0 (i.e.
challenge is too long), its value should be set to error state too.
To demonstrate the bug, run opiepasswd with valid seed:
opiepasswd -s 1234567890123456
and notice that it falls back to randomchallenge() (i.e. no
1234567890123456 in the prompt).
r269809:
When sha1 support was added, they forget to increase OPIE_HASHNAME_MAX
r269811:
Last '/' for program name, not first one.
r269810:
Link otp-sha1 to match real challenge prompt, not otp-sha.
PR: 191511
Submitted by: mitsururike at gmail.com (partially, PR 269806)
Changes:
_U stable/10/
stable/10/contrib/opie/libopie/challenge.c
stable/10/contrib/opie/opie.h
stable/10/contrib/opie/opiekey.c
stable/10/usr.bin/opiekey/Makefile
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list