[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ldappasswd MD5 bug
The following simple fix corrects the problems using MD5 hashing in
ldappasswd. I grep'd around for some similar bugs and didn't find anything
obvious, although I would question some of the implemetation in base64.c
(asserts in a library? I hope NDEBUG is defined for production) and some
lack of error checking :)... The base64 encoder expects the length to be
a multiple of four (plus null), but the ceiling call is useless because
the significant bits are lost before the promotion to double in the
macro. Again, simple fix.
WM
--- ldappasswd.c~ Wed Oct 20 16:56:50 1999
+++ ldappasswd.c Wed Oct 20 16:52:11 1999
@@ -107,7 +107,7 @@
len += salt->len;
}
- b64_len = CEILING (len / 3) * 4 + 1;
+ b64_len = CEILING ((double)len / 3) * 4 + 1;
base64digest = (char *)malloc (b64_len);
if (lutil_b64_ntop (npasswd, len, base64digest, b64_len) < 0)
{
--
_ __ ___ ____ ___ ___ ___
Wesley N Morgan _ __ ___ | _ ) __| \
morganw@engr.sc.edu _ __ | _ \._ \ |) |
FreeBSD: The Power To Serve _ |___/___/___/
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!