[Bug 193355] New: OPIE may not generate passwds from the dictionary correctly
bugzilla-noreply at freebsd.org
Fri Sep 5 23:18:00 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193355
Bug ID: 193355
Summary: OPIE may not generate passwds from the dictionary
correctly
Product: Base System
Version: 10.0-RELEASE
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: dan.turner at york.ac.uk
contrib/opie/libopie/btoe.c contains a dictionary, Wp. Wp is _not_ sorted
lexicographically. For instance, "YOU" is immediately before "ABED", line .
The function wsrch (impl. starts at line 2203) implements a binary search over
Wp, using strncmp as the comparison method. The call strncmp uses lexicographic
ordering, in which "ABED" is considered to be less than "YOU".
Unfortunately, this dictionary is from RFC 2289 & RFC 1760, and is specified in
this order. As such, I don't know how modifying this dictionary order (or the
search order) would behave in relation to these standards.
I cannot spot any location where Wp is being sorted prior to being used, but I
also have not produced a proof-of-concept that fails or returns the wrong value.
This code looks suspicious to me though, as I think the pre-conditions of the
binary search are being violated.
--
You are receiving this mail because:
You are the assignee for the bug.
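
An added example, not part of the original report and not OPIE's code: a check of the binary-search precondition the report raises, run on a small constructed word table in which "YOU" is followed directly by "ABED". The table, the names `first_unsorted` and `bsearch_words`, and the assumption that each word-length group is sorted on its own are illustrative only.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, NOT the RFC 2289 table: short words first, then
 * four-letter words, each group sorted on its own (assumed layout). */
static const char *const words[] = {
    "A", "ACE", "YET", "YOU",          /* indices 0..3 */
    "ABED", "ABEL", "YOKE", "YORK"     /* indices 4..7 */
};
#define NWORDS ((int)(sizeof words / sizeof words[0]))

/* Return the first index i in (low, high] where words[i-1] >= words[i]
 * under strncmp, i.e. where ascending order breaks; -1 if the range is sorted. */
int first_unsorted(int low, int high)
{
    for (int i = low + 1; i <= high; i++)
        if (strncmp(words[i - 1], words[i], 4) >= 0)
            return i;
    return -1;
}

/* Plain binary search over the inclusive index range [low, high]. */
int bsearch_words(const char *w, int low, int high)
{
    while (low <= high) {
        int mid = low + (high - low) / 2;
        int c = strncmp(w, words[mid], 4);
        if (c == 0)
            return mid;
        if (c < 0)
            high = mid - 1;   /* continue in the lower half */
        else
            low = mid + 1;    /* continue in the upper half */
    }
    return -1;
}

int main(void)
{
    int split = first_unsorted(0, NWORDS - 1);
    printf("order breaks at index %d (%s after %s)\n",
           split, words[split], words[split - 1]);
    printf("whole-table search for ABED: %d\n",
           bsearch_words("ABED", 0, NWORDS - 1));
    printf("segment search for ABED:     %d\n",
           bsearch_words("ABED", split, NWORDS - 1));
    return 0;
}
```

On this sample the whole-table search misses "ABED" while a search bounded to the sorted segment finds it, so whether a lookup over such a table is correct depends on the index bounds the caller passes in.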