From owner-freebsd-bugs Wed May 30 10:30:18 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 82FC637B423 for ; Wed, 30 May 2001 10:30:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f4UHU1S03249; Wed, 30 May 2001 10:30:01 -0700 (PDT) (envelope-from gnats)
Received: from mgate09.so-net.ne.jp (mgate09.so-net.ne.jp [210.139.254.156]) by hub.freebsd.org (Postfix) with ESMTP id E97AB37B424 for ; Wed, 30 May 2001 10:25:31 -0700 (PDT) (envelope-from ipfw@ya3.so-net.ne.jp)
Received: from mail.ya3.so-net.ne.jp (mspool11.so-net.ne.jp [210.139.248.11]) by mgate09.so-net.ne.jp (8.8.8+3.0Wbeta9/3.6W01050922) with ESMTP id CAA06805 for ; Thu, 31 May 2001 02:25:30 +0900 (JST)
Received: from localhost (pdf49cf.kngwnt01.ap.so-net.ne.jp [202.223.73.207]) by mail.ya3.so-net.ne.jp with ESMTP id f4UHPT126620 for ; Thu, 31 May 2001 02:25:29 +0900 (JST)
Message-Id: <20010531022504E.koya@pluto.math.yokohama-cu.ac.jp>
Date: Thu, 31 May 2001 02:25:04 +0900
From: Yoshihiro Koya
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/27775: Too short salt of Blowfish of 4.3-STABLE
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number:         27775
>Category:       bin
>Synopsis:       Too short salt of Blowfish of 4.3-STABLE
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 30 10:30:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Yoshihiro Koya
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
Dept. of Math. Sci, Yokohama City Univ.
>Environment:
System: FreeBSD presario.my.domain 4.3-STABLE FreeBSD 4.3-STABLE #0: Thu May 31 01:27:03 JST 2001 root@presario.my.domain:/usr/obj/usr/src/sys/presario i386
local_passwd.c: $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.24.2.1 2000/09/20 11:19:55 green Exp $
>Description:
Salt for blowfish generated by passwd(1) is too short.
>How-To-Repeat:
Use passwd with the blowfish hashing scheme. Then you would obtain something like

foo:$2a$04$wJnEuWLj..............OFE3dSydtf7u8rFWbuNGJ7rH0YNUYsW:1010:20::0:0:User &:/tmp:/bin/csh

(The above user foo and his password are experimental ones. :-)
>Fix:
local_passwd.c of rev. 1.27 seems to work well. Please MFC.

Index: local_passwd.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/passwd/local_passwd.c,v
retrieving revision 1.27
retrieving revision 1.24.2.1
diff -u -r1.27 -r1.24.2.1
--- local_passwd.c	2001/03/11 16:37:30	1.27
+++ local_passwd.c	2000/09/20 11:19:55	1.24.2.1
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.27 2001/03/11 16:37:30 markm Exp $ + * $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.24.2.1 2000/09/20 11:19:55 green Exp $ */ #ifndef lint @@ -100,7 +100,7 @@ #ifdef LOGIN_CAP login_cap_t * lc; #endif - char buf[_PASSWORD_LEN+1], salt[32]; + char buf[_PASSWORD_LEN+1], salt[10]; struct timeval tv; if (!nis) @@ -182,11 +182,7 @@ to64(&salt[0], random(), 3); to64(&salt[3], tv.tv_usec, 3); to64(&salt[6], tv.tv_sec, 2); - to64(&salt[8], random(), 5); - to64(&salt[13], random(), 5); - to64(&salt[17], random(), 5); - to64(&salt[22], random(), 5); - salt[27] = '\0'; + salt[8] = '\0'; #endif return (crypt(buf, salt)); } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
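Review bot: the diff was generated with the revisions in reverse order (diff -u -r1.27 -r1.24.2.1), so throughout this patch the "+" lines are the 4.3-STABLE (1.24.2.1) code being reported as broken and the "-" lines are the HEAD (1.27) code proposed as the fix; whoever does the MFC needs to apply it with patch -R or regenerate it as -r1.24.2.1 -r1.27. The first hunk (around line 30) only swaps the $FreeBSD$ keyword line and carries no code change, so it can be left out of the MFC patch.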
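Review bot: the buffer declaration in the second hunk (around line 100; salt[32] on the "-" side versus salt[10] on the "+" side) must be merged together with the fill code in the third hunk, not on its own: the 1.27 fill code writes 27 characters plus the terminating NUL, which would overflow a 10-byte salt[] if only the third hunk were brought over. With the 10-byte buffer only eight characters plus NUL fit, and the quoted $2a$ hash shows exactly eight salt characters followed by "." padding.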
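Review bot: in the third hunk (around line 182) the "+" side terminates the salt with salt[8] = '\0', so only eight characters reach crypt(3), and of those the three from tv.tv_usec and the two from tv.tv_sec come from the clock rather than from random(); the per-password salt is therefore far shorter than the 22 characters a $2a$ hash encodes, which matches the run of "." in the How-To-Repeat line, and two hashes of the same password set within the same second share most of their salt. Merging the "-" side restores the 27-character salt. One nit to fix while merging: to64(&salt[13], random(), 5) fills salt[13..17] and the next call to64(&salt[17], random(), 5) starts at 17 rather than 18, so the two calls overlap by one position; every position is still written, but starting the third random() chunk at 18 (or shortening the second to 4 characters) would keep every generated character.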
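As an added example, not part of the PR and not FreeBSD's passwd(1) or libcrypt code: a Python audit script that scans master.passwd(5)-style lines for bcrypt hashes with the padded salt this report describes. A bcrypt string carries 22 characters of salt after the "$2a$NN$" prefix; when crypt(3) receives fewer, the remaining salt bytes decode to zero, which bcrypt's base64 renders as ".", so a truncated salt shows up as a trailing run of "." inside the salt field (eight real characters plus fourteen "." in the reported foo entry). The sample lines, the field layout, the MIN_PAD_RUN threshold and all function names are assumptions of this example.

```python
import re

# bcrypt modular-crypt string: $2<variant>$<cost>$<22 salt chars><31 hash chars>
# The 64-symbol alphabet is bcrypt's own base64 ("." encodes the value 0).
BCRYPT_RE = re.compile(
    r"^\$(?P<variant>2[abxy]?)\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<hash>[./A-Za-z0-9]{31})$"
)
SALT_CHARS = 22      # characters the encoded 128-bit bcrypt salt occupies
BITS_PER_CHAR = 6    # each base64 character carries at most 6 bits
MIN_PAD_RUN = 4      # a random 22-char salt ends in >= 4 "." about 1 in 64**4 times

# Constructed sample of a master.passwd(5)-style file (assumed layout:
# user:hash:uid:gid:class:change:expire:gecos:home:shell).
# Line 1 reproduces the shape of the hash quoted in the PR: 8 salt characters
# followed by 14 "." that crypt(3) padded in.  Line 2 is a made-up healthy
# entry with a full 22-character salt; line 3 is a locked account.
SAMPLE_LINES = [
    "foo:$2a$04$" + "wJnEuWLj" + "." * 14
    + "OFE3dSydtf7u8rFWbuNGJ7rH0YNUYsW:1010:20::0:0:User &:/tmp:/bin/csh",
    "bar:$2a$04$" + "Ab3xQ9LmZpT0vNc7Ki2RsE"        # 22 constructed salt chars
    + "uYx4Kd1Lz8pQ2mWn7RsT0vBc3JhEf9a"             # 31 constructed hash chars
    + ":1011:20::0:0:Other User:/home/bar:/bin/sh",
    "root:*:0:0::0:0:Charlie &:/root:/bin/csh",
]


def parse_bcrypt(hash_str):
    """Split a bcrypt string into its fields, or return None if it is not one."""
    m = BCRYPT_RE.match(hash_str)
    if m is None:
        return None
    return {
        "variant": m.group("variant"),
        "cost": int(m.group("cost")),
        "salt": m.group("salt"),
        "hash": m.group("hash"),
    }


def salt_padding(salt):
    """Number of trailing "." characters, i.e. salt bytes that decoded to zero."""
    return len(salt) - len(salt.rstrip("."))


def audit_line(line):
    """Audit one password-file line; None if the hash field is not bcrypt."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        return None
    user, pw = fields[0], fields[1]
    info = parse_bcrypt(pw)
    if info is None:
        return None
    pad = salt_padding(info["salt"])
    real_chars = SALT_CHARS - pad
    return {
        "user": user,
        "cost": info["cost"],
        "salt_chars": real_chars,
        "salt_bits": real_chars * BITS_PER_CHAR,   # upper bound on salt entropy
        "suspicious": pad >= MIN_PAD_RUN,
    }


def audit(lines):
    """Return the entries whose bcrypt salt looks truncated and padded."""
    findings = []
    for line in lines:
        result = audit_line(line)
        if result is not None and result["suspicious"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print("%s: bcrypt salt has only %d real characters (<= %d bits of salt), "
              "expected %d; rehash this password with a fixed passwd(1)"
              % (f["user"], f["salt_chars"], f["salt_bits"], SALT_CHARS))
```

Run against a real file with `audit(open("/etc/master.passwd"))` as root; every hit is a password that should be re-set once the corrected passwd(1) is installed, since the stored hash itself cannot be given a longer salt after the fact. The trailing-"." heuristic is chosen because a genuinely random salt ends in four or more "." only about once in sixteen million hashes, so false positives are negligible while the eight-plus-fourteen pattern from the report is caught every time.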