Date: Wed, 7 Jun 2017 14:35:31 +0200 From: Matthias Apitz <guru@unixarea.de> To: freebsd-current@freebsd.org Subject: Re: mount_smbfs gives error when stored crypted pw is used Message-ID: <20170607123531.GA4867@c720-r314251> In-Reply-To: <20170606123738.GA5213@c720-r314251> References: <20170606100034.GA4245@c720-r314251> <20170606123738.GA5213@c720-r314251>
next in thread | previous in thread | raw e-mail | index | archive | help
--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I have located the bug in /usr/src/contrib/smbfs/lib/smb/subr.c=20
The printf(3C) calls have been added for debugging; the bug is the
addition of 13 after crypting every char which let the mask used in ^ opera=
tion
exceeding 256, i.e. more than one byte, if the string to be crypted is long
enough. The two lines added:
if (pos > 256)
pos =3D pos-256;
fixes this issue and the crypting/decypting works fine; see below;
I'll later file a PR and propose the patch;
matthias
char *
smb_simplecrypt(char *dst, const char *src)
{
int ch, pos;
char *dp;
printf("smb_simplecrypt(): pw: [%s]\n", src);
if (dst =3D=3D NULL) {
dst =3D malloc(4 + 2 * strlen(src));
if (dst =3D=3D NULL)
return NULL;
}
dp =3D dst;
*dst++ =3D '$';
*dst++ =3D '$';
*dst++ =3D '1';
pos =3D 27;
while (*src) {
ch =3D *src++;
printf("ch [%c] --> ", ch);
if (isascii(ch))
ch =3D (isupper(ch) ? ('A' + (ch - 'A' + 13) % 26) :
islower(ch) ? ('a' + (ch - 'a' + 13) % 26) : ch);
ch ^=3D pos;
pos +=3D 13;
if (pos > 256)
pos =3D pos-256;
sprintf(dst, "%02x", ch);
printf("0x%02x next ^mask (pos): 0x%02x\n", ch, pos);
dst +=3D 2;
}
*dst =3D 0;
return dp;
}
$ ./smbpw
smb_simplecrypt(): pw: [1234567890-1-1234567]
ch [1] --> 0x2a next ^mask (pos): 0x28
ch [2] --> 0x1a next ^mask (pos): 0x35
ch [3] --> 0x06 next ^mask (pos): 0x42
ch [4] --> 0x76 next ^mask (pos): 0x4f
ch [5] --> 0x7a next ^mask (pos): 0x5c
ch [6] --> 0x6a next ^mask (pos): 0x69
ch [7] --> 0x5e next ^mask (pos): 0x76
ch [8] --> 0x4e next ^mask (pos): 0x83
ch [9] --> 0xba next ^mask (pos): 0x90
ch [0] --> 0xa0 next ^mask (pos): 0x9d
ch [-] --> 0xb0 next ^mask (pos): 0xaa
ch [1] --> 0x9b next ^mask (pos): 0xb7
ch [-] --> 0x9a next ^mask (pos): 0xc4
ch [1] --> 0xf5 next ^mask (pos): 0xd1
ch [2] --> 0xe3 next ^mask (pos): 0xde
ch [3] --> 0xed next ^mask (pos): 0xeb
ch [4] --> 0xdf next ^mask (pos): 0xf8
ch [5] --> 0xcd next ^mask (pos): 0x05
ch [6] --> 0x33 next ^mask (pos): 0x12
ch [7] --> 0x25 next ^mask (pos): 0x1f
cp: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325]
smb_simpledecrypt(): hash: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325] gi=
ves clear [1234567890-1-1234567]
--=20
Matthias Apitz, =E2=9C=89 guru@unixarea.de, =E2=8C=82 http://www.unixarea.d=
e/ =E2=98=8E +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdi=C3=B3 la Guerra.
May 8, 1945: Who does not celebrate lost the War.
--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEXmn7rBYYViyzy/vBR8z35Hb+nREFAlk38w0ACgkQR8z35Hb+
nRFD6xAAkIq+YFQlROewnDBY60FHeGuriuPByPsBXytwhIbUYWDcrwACe/GxmcEI
+VxID5Lo9wuyQfYOeIxed+iyhnScWDgDyrV6G8bAP4ODz6SgsirPRy/HE8uIkNuo
e5YHrMB5ZhVoK/3kmKI2eLK656VaXbV17CSsBWC8G57fpUJNyEigyUrCmGvFHdpq
0/GL0kNTGDV/WLM6TpQgVddCiIGMhXjxD7A3p2CbCLMBE4v87yRZU9eSMhgnBiCx
O44yFLTePXt1JYBamwBKe3Z2HGb6HAnfe4S1g83CXezcgl57eA8JxH89oyusFoCZ
p7orBIbs4n2+KHVbRPy2j0aFuBSRbzqYKlo/WtkkGmo6QaYWb5aL0z7yQGXlZ7tI
NgRWuItcElTvg0faPeiSITjUymn66afdZqnPbH+z4LtQ7jSFR2nLkgjmtOG1cvxS
EQH56PpkRHrUQVaPrMWNo+7TuTZBSf2b72n14Ps5mCCwKHqBfXrERZyVUx+PTGrS
6UVithD82jJe19x0Y40mb/6XFkKcN9JQNR97kaoBv4EudEBR6CNdfjbmrqTr9/ep
fo1zAssQz7ClhuoLjD1XXLLNoxwtM8nygmz2znDNiW832WvdhTaotkBoyg5QzXBs
1YlbtttilmGbXmRtiPu1Jqh+jJGjMDsfBI8gCfn1gL5Nj/FXVK8=
=SkAS
-----END PGP SIGNATURE-----
--M9NhX3UHpAaciwkO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170607123531.GA4867>