[Bug 191511] New: opiepasswd segfaults with a seed length > 12

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jun 30 10:25:02 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191511

            Bug ID: 191511
           Summary: opiepasswd segfaults with a seed length > 12
           Product: Base System
           Version: 10.0-RELEASE
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Only Me
          Priority: Normal
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: mitsururike at gmail.com

opiepasswd segfaults with a seed length > 12

" ext" is added to the challenge in libopie/challenge.c, but it is not
included in the calculation of OPIE_CHALLENGE_MAX in opie.h.
Falling back to randomchallenge() and clearing mp causes a segfault in
opieatob8().

Environment:
System: FreeBSD 10.0-RELEASE-p4 amd64

How-To-Repeat:
opiepasswd -s 0123456789012

Fix:
--- opie.h.dist    2014-06-30 16:53:37.000000000 +0900
+++ opie.h    2014-06-30 16:53:55.000000000 +0900
@@ -72,8 +72,8 @@
 /* Max length of hash algorithm name (md4/md5) */
 #define OPIE_HASHNAME_MAX 3

-/* Maximum length of a challenge (otp-md? 9999 seed) */
-#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX)
+/* Maximum length of a challenge (otp-md? 9999 seed ext) */
+#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+4)

 /* Maximum length of a response that we allow */
 #define OPIE_RESPONSE_MAX (9+1+19+1+9+OPIE_SEED_MAX+1+19+1+19+1+19)

-- 
You are receiving this mail because:
You are the assignee for the bug.
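
The size mismatch described in the report, worked through as an added example (not code from OPIE or from the reporter): a bounds-checked formatter that refuses to emit a challenge that does not fit, and a worst-case length computed against both definitions of the limit. `OPIE_SEED_MAX` = 16, the 9999 sequence ceiling, the format string and the helper names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define OPIE_HASHNAME_MAX 3
#define OPIE_SEED_MAX 16            /* assumed value, not shown in the report */
#define OPIE_SEQUENCE_MAX 9999      /* assumed from the "9999" in the comment */

/* The two definitions from the patch, renamed so both can coexist. */
#define CHALLENGE_MAX_OLD (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX)
#define CHALLENGE_MAX_NEW (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+4)

/* Hypothetical helper: write "otp-<hash> <seq> <seed> ext" into buf.
 * Returns the string length, or -1 if an input is out of range or the
 * result (plus NUL) would not fit in cap bytes. Never writes past cap. */
int format_challenge(char *buf, size_t cap, const char *hash,
                     int seq, const char *seed)
{
    int n;

    if (cap == 0 || strlen(hash) > OPIE_HASHNAME_MAX ||
        strlen(seed) > OPIE_SEED_MAX || seq < 0 || seq > OPIE_SEQUENCE_MAX)
        return -1;
    n = snprintf(buf, cap, "otp-%s %d %s ext", hash, seq, seed);
    if (n < 0 || (size_t)n >= cap) {
        buf[0] = '\0';              /* leave no truncated challenge behind */
        return -1;
    }
    return n;
}

/* Length of the longest challenge the limits above allow. */
int worst_case_length(void)
{
    char seed[OPIE_SEED_MAX + 1];
    char buf[128];

    memset(seed, 'a', OPIE_SEED_MAX);
    seed[OPIE_SEED_MAX] = '\0';
    return format_challenge(buf, sizeof(buf), "md5", OPIE_SEQUENCE_MAX, seed);
}

int main(void)
{
    printf("worst case %d, old max %d, new max %d\n",
           worst_case_length(), CHALLENGE_MAX_OLD, CHALLENGE_MAX_NEW);
    return 0;
}
```

Under these assumptions the worst case equals the patched limit exactly, so a buffer sized from the old macro is four bytes short for the " ext" suffix.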