ITS#2869 fix decode length checks again
This commit is contained in:
parent
169c9f60e4
commit
39eb55b5f4
2 changed files with 21 additions and 7 deletions
|
|
@ -29,7 +29,7 @@ LDAP_BEGIN_DECL
|
|||
/* Avoid floating point math through extra padding */
|
||||
|
||||
#define LUTIL_BASE64_ENCODE_LEN(n) (((n)+2)/3 * 4)
|
||||
#define LUTIL_BASE64_DECODE_LEN(n) (((n)+3)/4 * 3)
|
||||
#define LUTIL_BASE64_DECODE_LEN(n) ((n)/4*3)
|
||||
|
||||
/* ISC Base64 Routines */
|
||||
/* base64.c */
|
||||
|
|
|
|||
|
|
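Review bot: The comment above the macros, `Avoid floating point math through extra padding`, no longer describes LUTIL_BASE64_DECODE_LEN, which after this change truncates (`(n)/4*3`) instead of rounding up, and nothing records that the result is exact only for 4-aligned, padded input. For an input of length 4k+2 or 4k+3 the macro yields 3k, while such an unpadded tail would decode to 3k+1 or 3k+2 bytes, so any caller that sizes a buffer from it is relying on the decoder to reject unpadded input before writing. I would add `/* Exact for 4-aligned (padded) input; unpadded 4k+2 / 4k+3 inputs decode to more than this */` on the DECODE_LEN line. Whether lutil_b64_pton rejects unpadded input before emitting bytes is not visible here and should be confirmed.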
@ -101,6 +101,8 @@ struct pw_slist {
|
|||
|
||||
/* password check routines */
|
||||
|
||||
#define SALT_SIZE 4
|
||||
|
||||
static LUTIL_PASSWD_CHK_FUNC chk_md5;
|
||||
static LUTIL_PASSWD_CHK_FUNC chk_smd5;
|
||||
static LUTIL_PASSWD_HASH_FUNC hash_smd5;
|
||||
|
|
@ -483,7 +485,8 @@ static int chk_ssha1(
|
|||
unsigned char *orig_pass = NULL;
|
||||
|
||||
/* safety check */
|
||||
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHA1digest)) {
|
||||
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
|
||||
sizeof(SHA1digest)+SALT_SIZE) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
@ -495,7 +498,7 @@ static int chk_ssha1(
|
|||
|
||||
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
|
||||
|
||||
if (rc < 0 || (unsigned)rc <= sizeof(SHA1digest)) {
|
||||
if (rc < (int)(sizeof(SHA1digest)+SALT_SIZE)) {
|
||||
ber_memfree(orig_pass);
|
||||
return -1;
|
||||
}
|
||||
|
|
@ -526,6 +529,11 @@ static int chk_sha1(
|
|||
int rc;
|
||||
unsigned char *orig_pass = NULL;
|
||||
|
||||
/* safety check */
|
||||
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) < sizeof(SHA1digest)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* base64 un-encode password */
|
||||
orig_pass = (unsigned char *) ber_memalloc( (size_t) (
|
||||
LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
|
||||
|
|
@ -564,7 +572,8 @@ static int chk_smd5(
|
|||
unsigned char *orig_pass = NULL;
|
||||
|
||||
/* safety check */
|
||||
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(MD5digest)) {
|
||||
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
|
||||
sizeof(MD5digest)+SALT_SIZE) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
@ -576,7 +585,7 @@ static int chk_smd5(
|
|||
|
||||
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
|
||||
|
||||
if (rc < 0 || (unsigned)rc <= sizeof(MD5digest)) {
|
||||
if (rc < (int)(sizeof(MD5digest)+SALT_SIZE)) {
|
||||
ber_memfree(orig_pass);
|
||||
return -1;
|
||||
}
|
||||
|
|
@ -608,6 +617,11 @@ static int chk_md5(
|
|||
int rc;
|
||||
unsigned char *orig_pass = NULL;
|
||||
|
||||
/* safety check */
|
||||
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) < sizeof(MD5digest)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* base64 un-encode password */
|
||||
orig_pass = (unsigned char *) ber_memalloc( (size_t) (
|
||||
LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
|
||||
|
|
@ -1173,7 +1187,7 @@ static struct berval *hash_ssha1(
|
|||
{
|
||||
lutil_SHA1_CTX SHA1context;
|
||||
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
|
||||
char saltdata[4];
|
||||
char saltdata[SALT_SIZE];
|
||||
struct berval digest;
|
||||
struct berval salt;
|
||||
|
||||
|
|
@ -1223,7 +1237,7 @@ static struct berval *hash_smd5(
|
|||
{
|
||||
lutil_MD5_CTX MD5context;
|
||||
unsigned char MD5digest[LUTIL_MD5_BYTES];
|
||||
char saltdata[4];
|
||||
char saltdata[SALT_SIZE];
|
||||
struct berval digest;
|
||||
struct berval salt;
|
||||
|
||||
|
|
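Review bot: The chk_ssha1 and chk_smd5 hunks at `-495` and `-576` still call `lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len)`, so if the third argument is the destination capacity (as in the ISC b64_pton this routine appears to derive from) the decoder is bounded by the base64 length rather than by the `LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1` bytes the chk_sha1 and chk_md5 hunks show being allocated, a size this commit just made tighter. For a stored value whose base64 part is not a multiple of 4 and has no `=` padding, a decoder that emits partial-group bytes before rejecting the leftover state could write one or two bytes past orig_pass; whether lutil_b64_pton behaves that way is outside this diff and should be confirmed. The defensive change is to pass the real capacity in all four chk_* functions, `rc = lutil_b64_pton(passwd->bv_val, orig_pass, LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1);`. Separately, the new `rc < (int)(sizeof(SHA1digest)+SALT_SIZE)` test rejects SSHA/SMD5 values whose salt is shorter than the SALT_SIZE this file generates, which hashes imported from other implementations may carry; the chk_* functions begin and end outside these hunks.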
|
|||