Date: Mon, 30 Jun 2014 10:25:02 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 191511] New: opiepasswd segfaults with a seed length > 12 Message-ID: <bug-191511-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191511 Bug ID: 191511 Summary: opiepasswd segfaults with a seed length > 12 Product: Base System Version: 10.0-RELEASE Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: Normal Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: mitsururike@gmail.com opiepasswd segfaults with a seed length > 12 " ext" is added to the challenge in libopie/challenge.c but it is not included in the calculation of the OPIE_CHALLENGE_MAX in opie.h. Falling back to randomchallenge() and clearing mp causes segfault in opieatob8(). Environment: System: FreeBSD 10.0-RELEASE-p4 amd64 How-To-Repeat: opiepasswd -s 0123456789012 Fix: --- opie.h.dist 2014-06-30 16:53:37.000000000 +0900 +++ opie.h 2014-06-30 16:53:55.000000000 +0900 @@ -72,8 +72,8 @@ /* Max length of hash algorithm name (md4/md5) */ #define OPIE_HASHNAME_MAX 3 -/* Maximum length of a challenge (otp-md? 9999 seed) */ -#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX) +/* Maximum length of a challenge (otp-md? 9999 seed ext) */ +#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+4) /* Maximum length of a response that we allow */ #define OPIE_RESPONSE_MAX (9+1+19+1+9+OPIE_SEED_MAX+1+19+1+19+1+19) -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-191511-8>