dgit.raspbian.org Git - 389-ds-base.git/commit

author	William Brown <firstyear@redhat.com>
	Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)
committer	Raspbian forward porter <root@raspbian.org>
	Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)
commit	f42b7289776f1dad67837e12b80460eafb9c8d6d
tree	f6e27bdb7bf8fecf71dc5f77de4455aed1d245b9	tree \| snapshot
parent	41d5b79d5c0574e05e54ea71696cd330aa48c8b3	commit \| diff

Ticket bz1525628 - invalid password migration causes unauth bind

Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.

Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.

This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.

Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)

https://bugzilla.redhat.com/show_bug.cgi?id=1525628

Author: wibrown

Review by: ???

Gbp-Pq: Name CVE-2017-15135.patch

dirsrvtests/tests/suites/password/bz1525628_ct_memcmp_invalid_hash_test.py	[new file with mode: 0644]	blob
ldap/servers/plugins/pwdstorage/clear_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/crypt_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/md5_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/sha_pwd.c		diff \| blob \| history
ldap/servers/plugins/pwdstorage/smd5_pwd.c		diff \| blob \| history
ldap/servers/slapd/ch_malloc.c		diff \| blob \| history
ldap/servers/slapd/slapi-plugin.h		diff \| blob \| history