The Samba-Bugzilla – Attachment 13964 Details for Bug 13275
[SECURITY] generate_random_machine_password() does not prevent against generated password truncation.
[patch] Possible git-am fix.
0001-lib-util-Ensure-generate_random_machine_password-can.patch (text/plain), 1.61 KB, created by Jeremy Allison on 2018-02-15 19:58:27 UTC
>From 5ef6e46084bdc0b98e3b3b3c042f6fac707427fb Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 15 Feb 2018 11:56:06 -0800 >Subject: [PATCH] lib: util: Ensure generate_random_machine_password() can't > truncate the requested length. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13275 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > lib/util/genrand_util.c | 20 +++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) > >diff --git a/lib/util/genrand_util.c b/lib/util/genrand_util.c >index 76b7cd91890..e7a9c3aa582 100644 >--- a/lib/util/genrand_util.c >+++ b/lib/util/genrand_util.c >@@ -282,6 +282,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, > size_t i; > bool ok; > int cmp; >+ bool got_null_value = false; > > if (max > 255) { > errno = EINVAL; >@@ -326,7 +327,24 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, > * utf8 password we need to fallback to > * ASCII passwords if "unix charset" is not utf8. > */ >- generate_secret_buffer(state->password_buffer, len * 2); >+ do { >+ generate_secret_buffer(state->password_buffer, len * 2); >+ /* >+ * Ensure the secret buffer doesn't contain an >+ * embedded zero value. This would truncate the >+ * created password string at less than len. >+ */ >+ got_null_value = false; >+ for (i = 0; i < len; i++) { >+ size_t idx = i*2; >+ uint16_t c = SVAL(state->password_buffer, idx); >+ if (c == 0) { >+ got_null_value = true; >+ break; >+ } >+ } >+ } while (got_null_value); >+ > for (i = 0; i < len; i++) { > size_t idx = i*2; > uint16_t c; >-- >2.16.1.291.g4437f3f132-goog >
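Review bot: In the second hunk (@@ -326,7 +327,24 @@), the new do/while scan walks the buffer with the same `i`, `idx = i*2` and `uint16_t c` as the `for` loop that follows it in the context lines, so every password is traversed twice and a single zero code unit throws away all `len * 2` bytes. Consider folding the `c == 0` test into that existing loop, so that the value being checked is the value finally left in `state->password_buffer`. As written, the check only sees the raw output of generate_secret_buffer(), and the rest of the following loop is not visible in this hunk to confirm it cannot produce a zero afterwards. The comment would also be clearer if it said the zero is a 16-bit unit read with SVAL() rather than a zero byte. The diffstat shows only lib/util/genrand_util.c changing, so a test asserting that the returned password is never shorter than the requested length would be worth adding. With the reset inside the loop, the `= false` initializer on `got_null_value` in the first hunk is redundant.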
Flags:
jra: review?(metze)
jra: review?(slow)