dgit.raspbian.org Git - 389-ds-base.git/commit

author	William Brown <firstyear@redhat.com>
	Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)
committer	Timo Aaltonen <tjaalton@debian.org>
	Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)
commit	8ded7bdfd15754fbcdcc2b249eefab2475817217
tree	511a2cff590fcbe723cc45e6a206d7ff425e30fc	tree \| snapshot
parent	995932ada9ec4c45a2bd03caccaf05a32121ca18	commit \| diff

[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind

Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.

Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.

This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.

Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)

https://bugzilla.redhat.com/show_bug.cgi?id=1525628

Author: wibrown

Review by: ???

Gbp-Pq: Name CVE-2017-15135.patch

dirsrvtests/tests/suites/password/bz1525628_ct_memcmp_invalid_hash_test.py	[new file with mode: 0644]	blob
ldap/servers/plugins/pwdstorage/clear_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/crypt_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/gost_yescrypt.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/md5_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/sha_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/smd5_pwd.c		diff \| blob \| history
ldap/servers/slapd/ch_malloc.c		diff \| blob \| history
ldap/servers/slapd/slapi-plugin.h		diff \| blob \| history