bug in NS-MTA-MD5 hash checking (ITS#2662)
Full_Name: Daniel J. Popowich
Version: 2.1.22
OS: linux (RedHat 9)
URL:
Submission from: (NULL) (24.91.180.225)
When compiling 2.1.22 I turned on the macro SLAPD_NS_MTA_MD5 in
libraries/liblutil/passwd.c so I could have users authenticate
with passwords migrated from an old Netscape mail server. Even
with the macro turned on I kept getting errors with authentication
(e.g., when using ldapmodify I would get the error: ldap_bind:
Invalid credentials (49)).

I eventually traced the problem to code in the function chk_ns_mta_md5
(in libraries/liblutil/passwd.c). The variable 'buffer' is being
sized wrong such that when a memcmp is done at the end of the function
the wrong data is being compared because the number of bytes to
be compared is based on sizeof(buffer).

The declaration:

    char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES + 1];

should be changed to:

    char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES];
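
The sizing problem described in the report, reduced to an added example that is not part of the original submission and is not OpenLDAP's code. The names DIGEST_BYTES, hex_encode, check_oversized and check_fixed, the sample digest, and the assumption that the stored value continues past the 32 hex digits are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_BYTES 16              /* stands in for LUTIL_MD5_BYTES */
#define HEX_LEN (DIGEST_BYTES * 2)   /* hex characters the encoder writes */

/* Hex-encode a digest; writes exactly HEX_LEN bytes and no terminator. */
static void hex_encode(const unsigned char *digest, char *out)
{
    static const char hex[] = "0123456789abcdef";
    for (int i = 0; i < DIGEST_BYTES; i++) {
        out[2 * i]     = hex[(digest[i] >> 4) & 0x0F];
        out[2 * i + 1] = hex[digest[i] & 0x0F];
    }
}

/* Reported declaration: one byte too many, and sizeof(buffer) as the length. */
static int check_oversized(const char *stored, const unsigned char *digest)
{
    char buffer[HEX_LEN + 1];
    /* The encoder never writes the last byte. It is zeroed here so the demo is
       deterministic; in the reported code it would hold leftover stack data. */
    memset(buffer, 0, sizeof(buffer));
    hex_encode(digest, buffer);
    return memcmp(stored, buffer, sizeof(buffer)) ? 1 : 0;  /* 33 bytes */
}

/* Declaration proposed in the report: sizeof(buffer) equals the bytes written. */
static int check_fixed(const char *stored, const unsigned char *digest)
{
    char buffer[HEX_LEN];
    hex_encode(digest, buffer);
    return memcmp(stored, buffer, sizeof(buffer)) ? 1 : 0;  /* 32 bytes */
}

/* Constructed sample: digest bytes 0x00..0x0f and a stored value holding the
   matching hex digits followed by further (assumed) trailing characters. */
static const unsigned char sample_digest[DIGEST_BYTES] =
    {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
static const char sample_stored[] =
    "000102030405060708090a0b0c0d0e0f" "a1b2c3d4";

int main(void)
{
    printf("oversized buffer: %d (1 = mismatch)\n",
           check_oversized(sample_stored, sample_digest));
    printf("fixed buffer:     %d (0 = match)\n",
           check_fixed(sample_stored, sample_digest));
    return 0;
}
```

With the oversized buffer the comparison covers a 33rd byte that the hex encoder never produced, so a correct digest is still reported as a mismatch.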