dgit.raspbian.org Git - 389-ds-base.git/commit

author	William Brown <firstyear@redhat.com>
	Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)
committer	Anton Gladky <gladk@debian.org>
	Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)
commit	a9c80a7dd7b8ec878c3f0ba42b9fc121775ae8bd
tree	b6ba9aa0299b0e6d97f2a96f4992da710aa0e64e	tree \| snapshot
parent	16b884b411663e32cc3daa6bdec24bcc1e60287f	commit \| diff

[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind

Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.

Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.

This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.

Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)

https://bugzilla.redhat.com/show_bug.cgi?id=1525628

Author: wibrown

Review by: ???

Gbp-Pq: Name CVE-2017-15135.patch

dirsrvtests/tests/suites/password/bz1525628_ct_memcmp_invalid_hash_test.py	[new file with mode: 0644]	blob
ldap/servers/plugins/pwdstorage/clear_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/crypt_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/md5_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/sha_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/smd5_pwd.c		diff \| blob \| history
ldap/servers/slapd/ch_malloc.c		diff \| blob \| history
ldap/servers/slapd/slapi-plugin.h		diff \| blob \| history