2.2.0 crash at a strange location
Stefan Winter
stefan.winter at restena.lu
Mon May 6 15:20:17 CEST 2013
Hi,
> Weird. I've fixed it, after some poking of the function. It now
> base64-decodes the password once, and only once.
Well... is that a complete fix? Looks to me like there is still the
*small* chance of
a) the decoded SSHA1 value containing only bytes which are allowed in base64
b) the salt being so long that it grows the whole decoded string to more
than 4/3 of the min_length
c) the salt having exclusively bytes which are allowed in base64;
possibly ending in = sign(s)
If all these are met, a second decoding would be done, and be successful
- except the user wouldn't be able to log in because the new decoded
content would not match his password any more.
I guess I can live with that small chance, but... clean is something
else. How about if you owe me a beer if that unlikely situation becomes
true :-)
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20130506/174f2b54/attachment.pgp>
More information about the Freeradius-Devel
mailing list