Message-Id: <200211011057.gA1AvDmY043774@sandbag.hlla.is.tsukuba.ac.jp>
Date: Fri, 1 Nov 2002 19:57:13 +0900 (JST)
From: Hideki SAKAMOTO
Reply-To: Hideki SAKAMOTO
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: sakamoto@hlla.is.tsukuba.ac.jp
X-Send-Pr-Version: 3.113
Subject: bin/44808: opiepasswd makes bad seed for existing user

>Number: 44808
>Category: bin
>Synopsis: opiepasswd makes bad seed for existing user
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 01 03:00:07 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Hideki SAKAMOTO
>Release: FreeBSD 4.7-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD xxxxxxxx 4.7-RELEASE-p1 FreeBSD 4.7-RELEASE-p1 #1: Fri Oct 25 16:54:58 JST 2002 sakamoto@xxxxxxxx:/usr/obj/usr/src/sys/XXXXXXXX i386

>Description:
Opienewseed() function has two problems.

1. It will chomp two digits at the end of the seed.
2. If the current seed hasn't ended in digits, "opiepasswd" without new seed
   will have attached the '1' at the end of the seed.

After these problems were fixed, I found another problem;

3. If the seed's digits have consisted of '9's, these digits will have been
   replaced by '1' (just one character).

>How-To-Repeat:
Repeat opiepasswd command.

% opiepasswd -c
Adding sakamoto:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:
=> ID sakamoto OTP key is 499 pu9478 <=
XXXX XXX XXXX XXX XXXX XXX

% opiepasswd -c
Updating sakamoto:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter old secret pass phrase:
Enter new secret pass phrase:
Again new secret pass phrase:
=> ID sakamoto OTP key is 499 pu94 <=
XXX XXXX XXX XXXX XXX XXXX

% opiepasswd -c
Updating sakamoto:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter old secret pass phrase:
Enter new secret pass phrase:
Again new secret pass phrase:
=> ID sakamoto OTP key is 499 pu <=
XXX XXXX XXX XXXX XXX XXXX

% opiepasswd -c
Updating sakamoto:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter old secret pass phrase:
Enter new secret pass phrase:
Again new secret pass phrase:
=> ID sakamoto OTP key is 499 pu1 <=
XXX XXXX XXX XXXX XXX XXXX

% opiepasswd -c
Updating sakamoto:
!! You must use a different seed for the new OTP sequence. !!

>Fix:
Apply this patch.

*** /usr/src/contrib/opie/libopie/newseed.c.orig Fri Nov 1 18:35:56 2002 --- /usr/src/contrib/opie/libopie/newseed.c Fri Nov 1 18:51:29 2002 *************** *** 54,65 **** max *= 10; if ((i = strtoul(++c, (char **)0, 10)) < max) { ! if (++i >= max) ! i = 1; ! ! snprintf(c, end - c, "%d", i); ! seed[OPIE_SEED_MAX] = 0; ! return 0; } } --- 54,64 ---- max *= 10; if ((i = strtoul(++c, (char **)0, 10)) < max) { ! if (++i < max) { ! snprintf(c, end - c + 2, "%d", i); ! seed[OPIE_SEED_MAX] = 0; ! return 0; ! } } }

>Release-Note:
>Audit-Trail:
>Unformatted:
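
Review bot: the size passed to snprintf in the new block, `end - c + 2`, is only safe because the enclosing `++i < max` test guarantees the incremented number has no more digits than the run it replaces; that dependency deserves a comment, or the bound could be derived from the space remaining up to `seed[OPIE_SEED_MAX]` so it does not rest on the digit count. When `++i < max` fails, control now leaves the block without returning, and the lines after the hunk are not shown, so it should be confirmed that this path produces a different seed rather than leaving the old one in place. The `"%d"` conversion also drops leading zeros, so a run such as `0099` becomes `100` and the seed gets shorter; a width-preserving format would keep the length stable if that matters.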
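
The seed arithmetic behind the transcript above, as an added example that is not part of the original report and is not the libopie source. `bump()` is a hypothetical model built only from the lines visible in the patch; `SEED_MAX` stands in for `OPIE_SEED_MAX` with an assumed value, and the -1 return stands for the path the patch falls through to, which the page does not show.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEED_MAX 16 /* stand-in for OPIE_SEED_MAX; the value is assumed */

/* patched == 0: pre-patch arithmetic (wrap to 1, buffer size end - c).
 * patched != 0: the patch's arithmetic (no wrap, size end - c + 2). */
int bump(char *seed, int patched)
{
    char *end, *c;
    unsigned long max = 1, i;
    long room;

    if (!seed[0])
        return -1;
    for (c = end = seed + strlen(seed) - 1;
         c > seed && isdigit((unsigned char)*c); c--)
        max *= 10;                  /* 10^(number of trailing digits) */
    i = strtoul(++c, NULL, 10) + 1; /* c is now the first trailing digit */
    if (patched) {
        if (i >= max)
            return -1; /* no digits or all nines: caller needs a fresh seed */
        room = end - c + 2; /* every digit plus the terminating NUL */
    } else {
        if (i >= max)
            i = 1;
        room = end - c; /* one short of the digit count; -1 with no digits */
    }
    /* A negative size becomes a huge size_t in the original call; this
     * model caps it at the space left in a SEED_MAX + 1 byte buffer. */
    if (room < 0)
        room = SEED_MAX + 1 - (c - seed);
    snprintf(c, (size_t)room, "%lu", i);
    return 0;
}

int main(void)
{
    /* Constructed input: the first seed shown in the How-To-Repeat log. */
    char old[SEED_MAX + 1] = "pu9478", fixed[SEED_MAX + 1] = "pu9478";
    for (int n = 0; n < 4; n++) {
        bump(old, 0);
        int rc = bump(fixed, 1);
        printf("old: %-8s patched: %-8s (rc %d)\n", old, fixed, rc);
    }
    return 0;
}
```

The unpatched column reproduces the reported sequence pu94, pu, pu1, pu1; the last step leaves the seed unchanged, which is what triggers the "different seed" error in the log.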