From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Jan 21 16:50:12 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 974E7106567A for ; Fri, 21 Jan 2011 16:50:12 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 72D7A8FC1F for ; Fri, 21 Jan 2011 16:50:12 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p0LGoCfE099591 for ; Fri, 21 Jan 2011 16:50:12 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p0LGoCrn099585; Fri, 21 Jan 2011 16:50:12 GMT (envelope-from gnats) Resent-Date: Fri, 21 Jan 2011 16:50:12 GMT Resent-Message-Id: <201101211650.p0LGoCrn099585@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Matthew X. Economou" Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C93E0106564A for ; Fri, 21 Jan 2011 16:44:38 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 9D1DE8FC17 for ; Fri, 21 Jan 2011 16:44:38 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p0LGibVK091978 for ; Fri, 21 Jan 2011 16:44:37 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p0LGibew091977; Fri, 21 Jan 2011 16:44:37 GMT (envelope-from nobody) Message-Id: <201101211644.p0LGibew091977@red.freebsd.org> Date: Fri, 21 Jan 2011 16:44:37 GMT From: "Matthew X. Economou" To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/154207: security/p5-Crypt-RandPasswd: patch for method invocation bug in Crypt::RandPasswd->random_chars_in_range() X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2011 16:50:12 -0000 >Number: 154207 >Category: ports >Synopsis: security/p5-Crypt-RandPasswd: patch for method invocation bug in Crypt::RandPasswd->random_chars_in_range() >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Jan 21 16:50:12 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthew X. Economou >Release: FreeBSD/amd64 9-CURRENT >Organization: IRTNOG >Environment: FreeBSD lp-001c230aae10.irtnog.net 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Wed Jan 19 09:42:11 EST 2011 root@lp-001c230aae10.irtnog.net:/usr/obj/usr/src/sys/LP-001C230AAE10 amd64 >Description: If an external caller invokes the the method Crypt::RandPasswd->random_chars_in_range(), Perl prepends the object name to the function's argument list. This causes the local variables $minlen, $maxlen, $lo_char, and $hi_char to be set incorrectly ($minlen is set to the object name, $maxlen is set to what should have been the minimum length, $lo_char is set to what should have been the maximum length, and $hi_char is set to what should have been the first character in the given range), so that the method returns an incorrect result. When random_chars_in_range() is called from within the module (e.g., by the letters() method), Perl does not modify the argument list, so the random_chars_in_range() method works as documented. >How-To-Repeat: These two commands should have an equivalent result (32 random lower-case letters): perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->letters(32,32),"\n";' perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->random_chars_in_range(32,32, "a" => "z"),"\n";' However, the second command will result in a random string from zero to 32 characters long taken from the set ASCII code 32 (space) through the letter "a". >Fix: Apply this patch to the Crypt::RandPasswd sources, which in random_chars_in_range(), adds a check to the argument list length prior to parsing, and if it is greater than 4 items, shifts the list down by one: --- Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm.orig 2011-01-20 15:12:21.305822700 -0500 +++ Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm 2011-01-21 10:55:30.872462500 -0500 @@ -1466,6 +1466,7 @@ =cut sub random_chars_in_range($$$$) { + @_ > 4 and shift; my( $minlen, $maxlen, $lo_char, $hi_char ) = @_; $minlen <= $maxlen or die "minlen $minlen is greater than maxlen $maxlen"; >Release-Note: >Audit-Trail: >Unformatted: