Date:      Fri, 1 Nov 2002 19:57:13 +0900 (JST)
From:      Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        sakamoto@hlla.is.tsukuba.ac.jp
Subject:   bin/44808: opiepasswd makes bad seed for existing user
Message-ID:  <200211011057.gA1AvDmY043774@sandbag.hlla.is.tsukuba.ac.jp>


>Number:         44808
>Category:       bin
>Synopsis:       opiepasswd makes bad seed for existing user
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 01 03:00:07 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Hideki SAKAMOTO
>Release:        FreeBSD 4.7-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD xxxxxxxx 4.7-RELEASE-p1 FreeBSD 4.7-RELEASE-p1 #1: Fri Oct 25 16:54:58 JST 2002 sakamoto@xxxxxxxx:/usr/obj/usr/src/sys/XXXXXXXX i386


	
>Description:
	
The Opienewseed() function has two problems.

1. It will chomp two digits at the end of the seed.
2. If the current seed doesn't end in digits, "opiepasswd" without a new seed
   will attach a '1' at the end of the seed.

After these problems were fixed, I found another problem:

3. If the seed's digits consist of '9's, these digits will be
   replaced with '1' (just one character).

>How-To-Repeat:
	
Repeat the opiepasswd command.

    % opiepasswd -c
    Adding sakamoto:
    Only use this method from the console; NEVER from remote. If you are using
    telnet, xterm, or a dial-in, type ^C now or exit with no password.
    Then run opiepasswd without the -c parameter.
    Using MD5 to compute responses.
    Enter new secret pass phrase: 
    Again new secret pass phrase: 

 => ID sakamoto OTP key is 499 pu9478 <=
    XXXX XXX XXXX XXX XXXX XXX

    % opiepasswd -c
    Updating sakamoto:
    Only use this method from the console; NEVER from remote. If you are using
    telnet, xterm, or a dial-in, type ^C now or exit with no password.
    Then run opiepasswd without the -c parameter.
    Using MD5 to compute responses.
    Enter old secret pass phrase: 
    Enter new secret pass phrase: 
    Again new secret pass phrase: 

 => ID sakamoto OTP key is 499 pu94 <=
    XXX XXXX XXX XXXX XXX XXXX

    % opiepasswd -c
    Updating sakamoto:
    Only use this method from the console; NEVER from remote. If you are using
    telnet, xterm, or a dial-in, type ^C now or exit with no password.
    Then run opiepasswd without the -c parameter.
    Using MD5 to compute responses.
    Enter old secret pass phrase: 
    Enter new secret pass phrase: 
    Again new secret pass phrase: 

 => ID sakamoto OTP key is 499 pu <=
    XXX XXXX XXX XXXX XXX XXXX

    % opiepasswd -c
    Updating sakamoto:
    Only use this method from the console; NEVER from remote. If you are using
    telnet, xterm, or a dial-in, type ^C now or exit with no password.
    Then run opiepasswd without the -c parameter.
    Using MD5 to compute responses.
    Enter old secret pass phrase: 
    Enter new secret pass phrase: 
    Again new secret pass phrase: 

 => ID sakamoto OTP key is 499 pu1 <=
    XXX XXXX XXX XXXX XXX XXXX

    % opiepasswd -c
    Updating sakamoto:
 !! You must use a different seed for the new OTP sequence. !!

>Fix:
Apply this patch.

*** /usr/src/contrib/opie/libopie/newseed.c.orig	Fri Nov  1 18:35:56 2002
--- /usr/src/contrib/opie/libopie/newseed.c	Fri Nov  1 18:51:29 2002
***************
*** 54,65 ****
  			max *= 10;
  
  		if ((i = strtoul(++c, (char **)0, 10)) < max) {
! 			if (++i >= max)
! 				i = 1;
! 
! 			snprintf(c, end - c, "%d", i);
! 			seed[OPIE_SEED_MAX] = 0;
! 			return 0;
  		}
  	}
  
--- 54,64 ----
  			max *= 10;
  
  		if ((i = strtoul(++c, (char **)0, 10)) < max) {
! 			if (++i < max) {
! 				snprintf(c, end - c + 2, "%d", i);
! 				seed[OPIE_SEED_MAX] = 0;
! 				return 0;
! 			}
  		}
  	}
  
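Review bot: in the new `snprintf(c, end - c + 2, "%d", i);` line the size argument grows by a bare `+ 2` with no comment, and nothing in the hunk shows how `end` relates to the end of the `seed` buffer, so a reader cannot confirm the write stays in bounds; the only bound visible here is `seed[OPIE_SEED_MAX] = 0`. Consider deriving the size from that bound (for example `seed + OPIE_SEED_MAX + 1 - c`, assuming `seed` holds OPIE_SEED_MAX + 1 bytes as the terminator store implies), or add a comment stating why two extra bytes are always available. Two smaller points: `i` is assigned from `strtoul()` but printed with `%d`, so the format should match its declared type; and with the `i = 1` wrap-around removed, a short comment should say what the code after this block is expected to do when `++i` reaches `max`, since that path is not visible in the patch.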
	


>Release-Note:
>Audit-Trail:
>Unformatted:
