Date: Fri, 21 Jan 2011 16:44:37 GMT From: "Matthew X. Economou" <xenophon+fbsdports@irtnog.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/154207: security/p5-Crypt-RandPasswd: patch for method invocation bug in Crypt::RandPasswd->random_chars_in_range() Message-ID: <201101211644.p0LGibew091977@red.freebsd.org> Resent-Message-ID: <201101211650.p0LGoCrn099585@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 154207 >Category: ports >Synopsis: security/p5-Crypt-RandPasswd: patch for method invocation bug in Crypt::RandPasswd->random_chars_in_range() >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Jan 21 16:50:12 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthew X. Economou >Release: FreeBSD/amd64 9-CURRENT >Organization: IRTNOG >Environment: FreeBSD lp-001c230aae10.irtnog.net 9.0-CURRENT FreeBSD 9.0-CURRENT #2: Wed Jan 19 09:42:11 EST 2011 root@lp-001c230aae10.irtnog.net:/usr/obj/usr/src/sys/LP-001C230AAE10 amd64 >Description: If an external caller invokes the the method Crypt::RandPasswd->random_chars_in_range(), Perl prepends the object name to the function's argument list. This causes the local variables $minlen, $maxlen, $lo_char, and $hi_char to be set incorrectly ($minlen is set to the object name, $maxlen is set to what should have been the minimum length, $lo_char is set to what should have been the maximum length, and $hi_char is set to what should have been the first character in the given range), so that the method returns an incorrect result. When random_chars_in_range() is called from within the module (e.g., by the letters() method), Perl does not modify the argument list, so the random_chars_in_range() method works as documented. >How-To-Repeat: These two commands should have an equivalent result (32 random lower-case letters): perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->letters(32,32),"\n";' perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->random_chars_in_range(32,32, "a" => "z"),"\n";' However, the second command will result in a random string from zero to 32 characters long taken from the set ASCII code 32 (space) through the letter "a". >Fix: Apply this patch to the Crypt::RandPasswd sources, which in random_chars_in_range(), adds a check to the argument list length prior to parsing, and if it is greater than 4 items, shifts the list down by one: --- Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm.orig 2011-01-20 15:12:21.305822700 -0500 +++ Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm 2011-01-21 10:55:30.872462500 -0500 @@ -1466,6 +1466,7 @@ =cut sub random_chars_in_range($$$$) { + @_ > 4 and shift; my( $minlen, $maxlen, $lo_char, $hi_char ) = @_; $minlen <= $maxlen or die "minlen $minlen is greater than maxlen $maxlen"; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101211644.p0LGibew091977>