|
|
816ad1 |
From 4219c54d9706f5597e8186d4f983b30587c2762e Mon Sep 17 00:00:00 2001
|
|
|
816ad1 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
816ad1 |
Date: Tue, 13 Feb 2018 10:32:06 -0500
|
|
|
816ad1 |
Subject: [PATCH] Ticket bz1525628 1.3.6 backport - invalid password migration
|
|
|
816ad1 |
causes unauth bind
|
|
|
816ad1 |
|
|
|
816ad1 |
Bug Description: Slapi_ct_memcmp expects both inputs to be
|
|
|
816ad1 |
at LEAST size n. If they are not, we only compared UP to n.
|
|
|
816ad1 |
|
|
|
816ad1 |
Invalid migrations of passwords (IE {CRYPT}XX) would create
|
|
|
816ad1 |
a pw which is just salt and no hash. ct_memcmp would then
|
|
|
816ad1 |
only verify the salt bits and would allow the authentication.
|
|
|
816ad1 |
|
|
|
816ad1 |
This relies on an administrative mistake both of allowing
|
|
|
816ad1 |
password migration (nsslapd-allow-hashed-passwords) and then
|
|
|
816ad1 |
subsequently migrating an INVALID password to the server.
|
|
|
816ad1 |
|
|
|
816ad1 |
Fix Description: slapi_ct_memcmp now access n1, n2 size
|
|
|
816ad1 |
and will FAIL if they are not the same, but will still compare
|
|
|
816ad1 |
n bytes, where n is the "longest" memory, to the first byte
|
|
|
816ad1 |
of the other to prevent length disclosure of the shorter
|
|
|
816ad1 |
value (generally the mis-migrated password)
|
|
|
816ad1 |
|
|
|
816ad1 |
https://bugzilla.redhat.com/show_bug.cgi?id=1525628
|
|
|
816ad1 |
|
|
|
816ad1 |
Author: wibrown
|
|
|
816ad1 |
---
|
|
|
816ad1 |
ldap/servers/plugins/pwdstorage/clear_pwd.c | 4 +-
|
|
|
816ad1 |
ldap/servers/plugins/pwdstorage/crypt_pwd.c | 4 +-
|
|
|
816ad1 |
ldap/servers/plugins/pwdstorage/md5_pwd.c | 14 +++----
|
|
|
816ad1 |
ldap/servers/plugins/pwdstorage/sha_pwd.c | 18 +++++++--
|
|
|
816ad1 |
ldap/servers/plugins/pwdstorage/smd5_pwd.c | 60 +++++++++++++++--------------
|
|
|
816ad1 |
ldap/servers/slapd/ch_malloc.c | 37 +++++++++++++++---
|
|
|
816ad1 |
ldap/servers/slapd/slapi-plugin.h | 2 +-
|
|
|
816ad1 |
7 files changed, 88 insertions(+), 51 deletions(-)
|
|
|
816ad1 |
|
|
|
816ad1 |
diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c
|
|
|
816ad1 |
index b9b362d34..050e60dd7 100644
|
|
|
816ad1 |
--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c
|
|
|
816ad1 |
+++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c
|
|
|
816ad1 |
@@ -39,7 +39,7 @@ clear_pw_cmp( const char *userpwd, const char *dbpwd )
|
|
|
816ad1 |
* However, even if the first part of userpw matches dbpwd, but len !=, we
|
|
|
816ad1 |
* have already failed anyawy. This prevents substring matching.
|
|
|
816ad1 |
*/
|
|
|
816ad1 |
- if (slapi_ct_memcmp(userpwd, dbpwd, len_dbp) != 0) {
|
|
|
816ad1 |
+ if (slapi_ct_memcmp(userpwd, dbpwd, len_user, len_dbp) != 0) {
|
|
|
816ad1 |
result = 1;
|
|
|
816ad1 |
}
|
|
|
816ad1 |
} else {
|
|
|
816ad1 |
@@ -51,7 +51,7 @@ clear_pw_cmp( const char *userpwd, const char *dbpwd )
|
|
|
816ad1 |
* dbpwd to itself. We have already got result == 1 if we are here, so we are
|
|
|
816ad1 |
* just trying to take up time!
|
|
|
816ad1 |
*/
|
|
|
816ad1 |
- if (slapi_ct_memcmp(dbpwd, dbpwd, len_dbp)) {
|
|
|
816ad1 |
+ if (slapi_ct_memcmp(dbpwd, dbpwd, len_dbp, len_dbp)) {
|
|
|
816ad1 |
/* Do nothing, we have the if to fix a coverity check. */
|
|
|
816ad1 |
}
|
|
|
816ad1 |
}
|
|
|
816ad1 |
diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
|
|
|
816ad1 |
index dfd5af94b..ff8eabb07 100644
|
|
|
816ad1 |
--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
|
|
|
816ad1 |
+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
|
|
|
816ad1 |
@@ -56,13 +56,13 @@ crypt_close(Slapi_PBlock *pb __attribute__((unused)))
|
|
|
816ad1 |
int
|
|
|
816ad1 |
crypt_pw_cmp( const char *userpwd, const char *dbpwd )
|
|
|
816ad1 |
{
|
|
|
816ad1 |
- int rc;
|
|
|
816ad1 |
+ int32_t rc;
|
|
|
816ad1 |
char *cp;
|
|
|
816ad1 |
PR_Lock(cryptlock);
|
|
|
816ad1 |
/* we use salt (first 2 chars) of encoded password in call to crypt() */
|
|
|
816ad1 |
cp = crypt( userpwd, dbpwd );
|
|
|
816ad1 |
if (cp) {
|
|
|
816ad1 |
- rc= slapi_ct_memcmp( dbpwd, cp, strlen(dbpwd));
|
|
|
816ad1 |
+ rc= slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd), strlen(cp));
|
|
|
816ad1 |
} else {
|
|
|
816ad1 |
rc = -1;
|
|
|
816ad1 |
}
|
|
|
816ad1 |
diff --git a/ldap/servers/plugins/pwdstorage/md5_pwd.c b/ldap/servers/plugins/pwdstorage/md5_pwd.c
|
|
|
816ad1 |
index b27994667..88c11688b 100644
|
|
|
816ad1 |
--- a/ldap/servers/plugins/pwdstorage/md5_pwd.c
|
|
|
816ad1 |
+++ b/ldap/servers/plugins/pwdstorage/md5_pwd.c
|
|
|
816ad1 |
@@ -30,12 +30,12 @@
|
|
|
816ad1 |
int
|
|
|
816ad1 |
md5_pw_cmp( const char *userpwd, const char *dbpwd )
|
|
|
816ad1 |
{
|
|
|
816ad1 |
- int rc=-1;
|
|
|
816ad1 |
- char * bver;
|
|
|
816ad1 |
- PK11Context *ctx=NULL;
|
|
|
816ad1 |
+ int32_t rc=-1;
|
|
|
816ad1 |
+ char *bver;
|
|
|
816ad1 |
+ PK11Context *ctx = NULL;
|
|
|
816ad1 |
unsigned int outLen;
|
|
|
816ad1 |
unsigned char hash_out[MD5_HASH_LEN];
|
|
|
816ad1 |
- unsigned char b2a_out[MD5_HASH_LEN*2]; /* conservative */
|
|
|
816ad1 |
+ unsigned char b2a_out[MD5_HASH_LEN * 2]; /* conservative */
|
|
|
816ad1 |
SECItem binary_item;
|
|
|
816ad1 |
|
|
|
816ad1 |
ctx = PK11_CreateDigestContext(SEC_OID_MD5);
|
|
|
816ad1 |
@@ -57,10 +57,10 @@ md5_pw_cmp( const char *userpwd, const char *dbpwd )
|
|
|
816ad1 |
bver = NSSBase64_EncodeItem(NULL, (char *)b2a_out, sizeof b2a_out, &binary_item);
|
|
|
816ad1 |
/* bver points to b2a_out upon success */
|
|
|
816ad1 |
if (bver) {
|
|
|
816ad1 |
- rc = slapi_ct_memcmp(bver,dbpwd, strlen(dbpwd));
|
|
|
816ad1 |
+ rc = slapi_ct_memcmp(bver,dbpwd, strlen(dbpwd), strlen(bver));
|
|
|
816ad1 |
} else {
|
|
|
816ad1 |
- slapi_log_err(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME,
|
|
|
816ad1 |
- "Could not base64 encode hashed value for password compare");
|
|
|
816ad1 |
+ slapi_log_err(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME,
|
|
|
816ad1 |
+ "Could not base64 encode hashed value for password compare");
|
|
|
816ad1 |
}
|
|
|
816ad1 |
loser:
|
|
|
816ad1 |
return rc;
|
|
|
816ad1 |
diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c
|
|
|
816ad1 |
index 5f41c5b93..c9db8964a 100644
|
|
|
816ad1 |
--- a/ldap/servers/plugins/pwdstorage/sha_pwd.c
|
|
|
816ad1 |
+++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c
|
|
|
816ad1 |
@@ -49,7 +49,7 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen )
|
|
|
816ad1 |
char userhash[MAX_SHA_HASH_SIZE];
|
|
|
816ad1 |
char quick_dbhash[MAX_SHA_HASH_SIZE + SHA_SALT_LENGTH + 3];
|
|
|
816ad1 |
char *dbhash = quick_dbhash;
|
|
|
816ad1 |
- struct berval salt;
|
|
|
816ad1 |
+ struct berval salt = {0};
|
|
|
816ad1 |
PRUint32 hash_len;
|
|
|
816ad1 |
unsigned int secOID;
|
|
|
816ad1 |
char *schemeName;
|
|
|
816ad1 |
@@ -120,10 +120,20 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen )
|
|
|
816ad1 |
}
|
|
|
816ad1 |
|
|
|
816ad1 |
/* the proof is in the comparison... */
|
|
|
816ad1 |
- if ( hash_len >= shaLen ) {
|
|
|
816ad1 |
- result = slapi_ct_memcmp( userhash, dbhash, shaLen );
|
|
|
816ad1 |
+ if (hash_len >= shaLen) {
|
|
|
816ad1 |
+ /*
|
|
|
816ad1 |
+ * This say "if the hash has a salt IE >, OR if they are equal, check the hash component ONLY.
|
|
|
816ad1 |
+ * This is why we repeat shaLen twice, even though it seems odd. If you have a dbhast of ssha
|
|
|
816ad1 |
+ * it's len is 28, and the userpw is 20, but 0 - 20 is the sha, and 21-28 is the salt, which
|
|
|
816ad1 |
+ * has already been processed into userhash.
|
|
|
816ad1 |
+ * The case where dbpwd is truncated is handled above in "invalid base64" arm.
|
|
|
816ad1 |
+ */
|
|
|
816ad1 |
+ result = slapi_ct_memcmp(userhash, dbhash, shaLen, shaLen);
|
|
|
816ad1 |
} else {
|
|
|
816ad1 |
- result = slapi_ct_memcmp( userhash, dbhash + OLD_SALT_LENGTH, hash_len - OLD_SALT_LENGTH );
|
|
|
816ad1 |
+ /* This case is for if the salt is at the START, which only applies to DS40B1 case.
|
|
|
816ad1 |
+ * May never be a valid check...
|
|
|
816ad1 |
+ */
|
|
|
816ad1 |
+ result = slapi_ct_memcmp(userhash, dbhash + OLD_SALT_LENGTH, shaLen, hash_len - OLD_SALT_LENGTH);
|
|
|
816ad1 |
}
|
|
|
816ad1 |
|
|
|
816ad1 |
loser:
|
|
|
816ad1 |
diff --git a/ldap/servers/plugins/pwdstorage/smd5_pwd.c b/ldap/servers/plugins/pwdstorage/smd5_pwd.c
|
|
|
816ad1 |
index 2e9d195ea..f6b4bb4a0 100644
|
|
|
816ad1 |
--- a/ldap/servers/plugins/pwdstorage/smd5_pwd.c
|
|
|
816ad1 |
+++ b/ldap/servers/plugins/pwdstorage/smd5_pwd.c
|
|
|
816ad1 |
@@ -52,35 +52,37 @@ smd5_pw_cmp( const char *userpwd, const char *dbpwd )
|
|
|
816ad1 |
/*
|
|
|
816ad1 |
* Decode hash stored in database.
|
|
|
816ad1 |
*/
|
|
|
816ad1 |
- hash_len = pwdstorage_base64_decode_len(dbpwd, 0);
|
|
|
816ad1 |
- if ( hash_len >= sizeof(quick_dbhash) ) { /* get more space: */
|
|
|
816ad1 |
- dbhash = (char*) slapi_ch_calloc( hash_len + 1, sizeof(char) );
|
|
|
816ad1 |
- if ( dbhash == NULL ) goto loser;
|
|
|
816ad1 |
- } else {
|
|
|
816ad1 |
- memset( quick_dbhash, 0, sizeof(quick_dbhash) );
|
|
|
816ad1 |
- }
|
|
|
816ad1 |
-
|
|
|
816ad1 |
- hashresult = PL_Base64Decode( dbpwd, 0, dbhash );
|
|
|
816ad1 |
- if (NULL == hashresult) {
|
|
|
816ad1 |
- slapi_log_err(SLAPI_LOG_PLUGIN, SALTED_MD5_SUBSYSTEM_NAME,
|
|
|
816ad1 |
- "smd5_pw_cmp: userPassword \"%s\" is the wrong length "
|
|
|
816ad1 |
- "or is not properly encoded BASE64\n", dbpwd );
|
|
|
816ad1 |
- goto loser;
|
|
|
816ad1 |
- }
|
|
|
816ad1 |
-
|
|
|
816ad1 |
- salt.bv_val = (void*)(dbhash + MD5_LENGTH); /* salt starts after hash value */
|
|
|
816ad1 |
- salt.bv_len = hash_len - MD5_LENGTH; /* remaining bytes must be salt */
|
|
|
816ad1 |
-
|
|
|
816ad1 |
- /* create the hash */
|
|
|
816ad1 |
- memset( userhash, 0, sizeof(userhash) );
|
|
|
816ad1 |
- PK11_DigestBegin(ctx);
|
|
|
816ad1 |
- PK11_DigestOp(ctx, (const unsigned char *)userpwd, strlen(userpwd));
|
|
|
816ad1 |
- PK11_DigestOp(ctx, (unsigned char*)(salt.bv_val), salt.bv_len);
|
|
|
816ad1 |
- PK11_DigestFinal(ctx, userhash, &outLen, sizeof userhash);
|
|
|
816ad1 |
- PK11_DestroyContext(ctx, 1);
|
|
|
816ad1 |
-
|
|
|
816ad1 |
- /* Compare everything up to the salt. */
|
|
|
816ad1 |
- rc = slapi_ct_memcmp( userhash, dbhash, MD5_LENGTH );
|
|
|
816ad1 |
+ hash_len = pwdstorage_base64_decode_len(dbpwd, 0);
|
|
|
816ad1 |
+ if (hash_len >= sizeof(quick_dbhash)) { /* get more space: */
|
|
|
816ad1 |
+ dbhash = (char *)slapi_ch_calloc(hash_len + 1, sizeof(char));
|
|
|
816ad1 |
+ if (dbhash == NULL)
|
|
|
816ad1 |
+ goto loser;
|
|
|
816ad1 |
+ } else {
|
|
|
816ad1 |
+ memset(quick_dbhash, 0, sizeof(quick_dbhash));
|
|
|
816ad1 |
+ }
|
|
|
816ad1 |
+
|
|
|
816ad1 |
+ hashresult = PL_Base64Decode(dbpwd, 0, dbhash);
|
|
|
816ad1 |
+ if (NULL == hashresult) {
|
|
|
816ad1 |
+ slapi_log_err(SLAPI_LOG_PLUGIN, SALTED_MD5_SUBSYSTEM_NAME,
|
|
|
816ad1 |
+ "smd5_pw_cmp: userPassword \"%s\" is the wrong length "
|
|
|
816ad1 |
+ "or is not properly encoded BASE64\n",
|
|
|
816ad1 |
+ dbpwd);
|
|
|
816ad1 |
+ goto loser;
|
|
|
816ad1 |
+ }
|
|
|
816ad1 |
+
|
|
|
816ad1 |
+ salt.bv_val = (void *)(dbhash + MD5_LENGTH); /* salt starts after hash value */
|
|
|
816ad1 |
+ salt.bv_len = hash_len - MD5_LENGTH; /* remaining bytes must be salt */
|
|
|
816ad1 |
+
|
|
|
816ad1 |
+ /* create the hash */
|
|
|
816ad1 |
+ memset(userhash, 0, sizeof(userhash));
|
|
|
816ad1 |
+ PK11_DigestBegin(ctx);
|
|
|
816ad1 |
+ PK11_DigestOp(ctx, (const unsigned char *)userpwd, strlen(userpwd));
|
|
|
816ad1 |
+ PK11_DigestOp(ctx, (unsigned char *)(salt.bv_val), salt.bv_len);
|
|
|
816ad1 |
+ PK11_DigestFinal(ctx, userhash, &outLen, sizeof userhash);
|
|
|
816ad1 |
+ PK11_DestroyContext(ctx, 1);
|
|
|
816ad1 |
+
|
|
|
816ad1 |
+ /* Compare everything up to the salt. */
|
|
|
816ad1 |
+ rc = slapi_ct_memcmp(userhash, dbhash, MD5_LENGTH, MD5_LENGTH);
|
|
|
816ad1 |
|
|
|
816ad1 |
loser:
|
|
|
816ad1 |
if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( (char **)&dbhash );
|
|
|
816ad1 |
diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c
|
|
|
816ad1 |
index 52ccb64e8..da0b5f6d8 100644
|
|
|
816ad1 |
--- a/ldap/servers/slapd/ch_malloc.c
|
|
|
816ad1 |
+++ b/ldap/servers/slapd/ch_malloc.c
|
|
|
816ad1 |
@@ -343,8 +343,8 @@ slapi_ch_smprintf(const char *fmt, ...)
|
|
|
816ad1 |
|
|
|
816ad1 |
/* Constant time memcmp. Does not shortcircuit on failure! */
|
|
|
816ad1 |
/* This relies on p1 and p2 both being size at least n! */
|
|
|
816ad1 |
-int
|
|
|
816ad1 |
-slapi_ct_memcmp( const void *p1, const void *p2, size_t n)
|
|
|
816ad1 |
+int32_t
|
|
|
816ad1 |
+slapi_ct_memcmp( const void *p1, const void *p2, size_t n1, size_t n2)
|
|
|
816ad1 |
{
|
|
|
816ad1 |
int result = 0;
|
|
|
816ad1 |
const unsigned char *_p1 = (const unsigned char *)p1;
|
|
|
816ad1 |
@@ -353,10 +353,35 @@ slapi_ct_memcmp( const void *p1, const void *p2, size_t n)
|
|
|
816ad1 |
if (_p1 == NULL || _p2 == NULL) {
|
|
|
816ad1 |
return 2;
|
|
|
816ad1 |
}
|
|
|
816ad1 |
-
|
|
|
816ad1 |
- for (size_t i = 0; i < n; i++) {
|
|
|
816ad1 |
- if (_p1[i] ^ _p2[i]) {
|
|
|
816ad1 |
- result = 1;
|
|
|
816ad1 |
+ if (n1 == n2) {
|
|
|
816ad1 |
+ for (size_t i = 0; i < n1; i++) {
|
|
|
816ad1 |
+ if (_p1[i] ^ _p2[i]) {
|
|
|
816ad1 |
+ result = 1;
|
|
|
816ad1 |
+ }
|
|
|
816ad1 |
+ }
|
|
|
816ad1 |
+ } else {
|
|
|
816ad1 |
+ const unsigned char *_pa;
|
|
|
816ad1 |
+ const unsigned char *_pb;
|
|
|
816ad1 |
+ size_t nl;
|
|
|
816ad1 |
+ if (n2 > n1) {
|
|
|
816ad1 |
+ _pa = _p2;
|
|
|
816ad1 |
+ _pb = _p2;
|
|
|
816ad1 |
+ nl = n2;
|
|
|
816ad1 |
+ } else {
|
|
|
816ad1 |
+ _pa = _p1;
|
|
|
816ad1 |
+ _pb = _p1;
|
|
|
816ad1 |
+ nl = n1;
|
|
|
816ad1 |
+ }
|
|
|
816ad1 |
+ /* We already fail as n1 != n2 */
|
|
|
816ad1 |
+ result = 3;
|
|
|
816ad1 |
+ for (size_t i = 0; i < nl; i++) {
|
|
|
816ad1 |
+ if (_pa[i] ^ _pb[i]) {
|
|
|
816ad1 |
+ /*
|
|
|
816ad1 |
+ * If we don't mutate result here, dead code elimination
|
|
|
816ad1 |
+ * we remove for loop.
|
|
|
816ad1 |
+ */
|
|
|
816ad1 |
+ result = 4;
|
|
|
816ad1 |
+ }
|
|
|
816ad1 |
}
|
|
|
816ad1 |
}
|
|
|
816ad1 |
return result;
|
|
|
816ad1 |
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
|
|
|
816ad1 |
index 16aa1b711..8555be939 100644
|
|
|
816ad1 |
--- a/ldap/servers/slapd/slapi-plugin.h
|
|
|
816ad1 |
+++ b/ldap/servers/slapd/slapi-plugin.h
|
|
|
816ad1 |
@@ -5856,7 +5856,7 @@ char * slapi_ch_smprintf(const char *fmt, ...)
|
|
|
816ad1 |
* \param n length in bytes of the content of p1 AND p2.
|
|
|
816ad1 |
* \return 0 on match. 1 on non-match. 2 on presence of NULL pointer in p1 or p2.
|
|
|
816ad1 |
*/
|
|
|
816ad1 |
-int slapi_ct_memcmp( const void *p1, const void *p2, size_t n);
|
|
|
816ad1 |
+int32_t slapi_ct_memcmp( const void *p1, const void *p2, size_t n1, size_t n2);
|
|
|
816ad1 |
|
|
|
816ad1 |
/*
|
|
|
816ad1 |
* syntax plugin routines
|
|
|
816ad1 |
--
|
|
|
816ad1 |
2.13.6
|
|
|
816ad1 |
|