[Bug 132302] [patch] smbutil(1): contrib/smbfs subr.c: saved passwords >18 char fail
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jun 8 06:20:58 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132302
--- Comment #5 from Matthias Apitz <guru at unixarea.de> ---
(In reply to Josh Paetzel from comment #3)
I was thinking last night about the proposed patch and wanted to modify it, but
now it's committed already before I could put hands on the keyboard;
the problem (bug) was that the value in 'pos' for the XOR operation:
ch ^= pos;
at some point exceeds, when the to be crypted password is long enough, exceeds
one byte, and so does the result in 'ch'; later the value from 'ch' is formated
to a hex string with
sprintf(dst, "%02x", ch);
dst += 2;
which gives in 'dst' four new bytes, like 0136, but the pointer 'dst' is only
moved two byte further; this damages the resulting string in 'dst' for the
crypted pw and later decrypt goes wrong;
Said this, the test for 'pos' not exceeding one byte must be
if (pos >= 256)
pos -=256;'
because a pw of 57 bytes lenth will hit the point where 'pos' is exactly 256
(0x100);
57++ bytes is a very unlikely password, but as it s stored into a file and not
typed in from time to time it's not impossible thinking in such a beast;
sorry to come late with this comment;
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list