dgit.raspbian.org Git - 389-ds-base.git/commit

author	William Brown <firstyear@redhat.com>
	Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)
committer	Timo Aaltonen <tjaalton@debian.org>
	Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)
commit	5345fc9284dcee923693d52ecebef5e9d367e7ed
tree	2d8233ef1fbfff47b0d46249739ba549fbf61dd1	tree \| snapshot
parent	dbddcc48d22de0ad8f081733dda3f0880a3bd585	commit \| diff

[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind

Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.

Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.

This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.

Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)

https://bugzilla.redhat.com/show_bug.cgi?id=1525628

Author: wibrown

Review by: ???

Gbp-Pq: Name CVE-2017-15135.patch

dirsrvtests/tests/suites/password/bz1525628_ct_memcmp_invalid_hash_test.py	[new file with mode: 0644]	blob
ldap/servers/plugins/pwdstorage/clear_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/crypt_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/md5_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/sha_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/smd5_pwd.c		diff \| blob \| history
ldap/servers/slapd/ch_malloc.c		diff \| blob \| history
ldap/servers/slapd/slapi-plugin.h		diff \| blob \| history