
frivolous use of strncmp in ldappasswd.c (ITS#1497)



Full_Name: Mike Gerdts
Version: 2.0.18
OS: Solaris 7 - 9
URL: ftp://ftp.openldap.org/incoming/strcmp.patch
Submission from: (NULL) (143.209.230.172)


The C library's str* functions are known to be the root cause of many
buffer overflow problems.  strcmp() is not dangerous in the same way that
sprintf() is.  The following code has a frivolous use of strncmp that does
more harm than good.

clients/tools/ldappasswd.c:520

        if( want_newpw && newpw == NULL ) {
                /* prompt for new password */
                char *cknewpw;
                newpw = strdup(getpassphrase("New password: "));
                cknewpw = getpassphrase("Re-enter new password: ");

                if( newpw== NULL || cknewpw == NULL ||
                        strncmp( newpw, cknewpw, strlen(newpw) ))
                {
                        fprintf( stderr, "passwords do not match\n" );
                        return EXIT_FAILURE;
                }
        }

There is no good reason for the use of strncmp().  The use of strdup()
guarantees that both strings are terminated.  strcmp() should be used.
Why?  If newpw is set to `mynewpas' (one `s') and cknewpw is set to
`mynewpass' (two of 'em), a user may think that the new password is
being set to `mynewpass' when it is really being set to the mistyped
`mynewpas' (one `s').  If strcmp() were used, different length strings
would be caught.

This same problem exists at line 513 as well:

                strncmp( oldpw, ckoldpw, strlen(oldpw) ))

And at servers/slapd/tools/slappasswd.c:100

                if( strncmp( newpw, cknewpw, strlen(newpw) ))
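As an added example that is not part of the report or of OpenLDAP's code, the confirmation check as quoted above beside the strcmp() form, run on the report's own `mynewpas` / `mynewpass` pair; it also shows a second consequence of the bounded compare, namely that an empty first entry passes the strncmp() check against any re-entry. Function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 when the two entries are treated as matching, 0 otherwise.
 * This mirrors the if() in ldappasswd.c: a NULL or a nonzero compare
 * result means "passwords do not match". */

/* The check as written in the report: only the first strlen(newpw)
 * bytes are compared, so a longer re-entry whose prefix equals newpw
 * is accepted, and an empty newpw (length 0) matches anything. */
int passwords_match_strncmp(const char *newpw, const char *cknewpw)
{
    if (newpw == NULL || cknewpw == NULL)
        return 0;
    return strncmp(newpw, cknewpw, strlen(newpw)) == 0;
}

/* The fix the report asks for: both strings are NUL-terminated, so
 * strcmp() compares through the terminator and differing lengths
 * are rejected. */
int passwords_match_strcmp(const char *newpw, const char *cknewpw)
{
    if (newpw == NULL || cknewpw == NULL)
        return 0;
    return strcmp(newpw, cknewpw) == 0;
}

int main(void)
{
    /* Constructed inputs taken from the report's scenario. */
    const char *typed   = "mynewpas";   /* first entry, one 's' */
    const char *retyped = "mynewpass";  /* re-entry, two of them */

    printf("strncmp check: %s\n",
           passwords_match_strncmp(typed, retyped) ? "match (wrong)" : "mismatch");
    printf("strcmp  check: %s\n",
           passwords_match_strcmp(typed, retyped) ? "match" : "mismatch (correct)");
    printf("strncmp with empty first entry: %s\n",
           passwords_match_strncmp("", retyped) ? "match (wrong)" : "mismatch");
    return 0;
}
```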