dgit.raspbian.org Git - 389-ds-base.git/commit

author	William Brown <firstyear@redhat.com>
	Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)
committer	Timo Aaltonen <tjaalton@debian.org>
	Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)
commit	e1d99461b1c66ca30760fee84b9a6cf44b5cd0b2
tree	a722416f39304512717a9ba8e10d27aca925a4cc	tree \| snapshot
parent	0227321d9a38681ca71e60731544698d3fad5dbd	commit \| diff

[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind

Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.

Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.

This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.

Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)

https://bugzilla.redhat.com/show_bug.cgi?id=1525628

Author: wibrown

Review by: ???

Gbp-Pq: Name CVE-2017-15135.patch

dirsrvtests/tests/suites/password/bz1525628_ct_memcmp_invalid_hash_test.py	[new file with mode: 0644]	blob
ldap/servers/plugins/pwdstorage/clear_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/crypt_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/gost_yescrypt.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/md5_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/sha_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/smd5_pwd.c		diff \| blob \| history
ldap/servers/slapd/ch_malloc.c		diff \| blob \| history
ldap/servers/slapd/slapi-plugin.h		diff \| blob \| history