[Swan] programs/pluto/xauth.c - non-reentrant crypt issue

Philippe Vouters philippe.vouters at laposte.net
Thu Mar 7 11:09:16 EET 2013


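This code is even wrong, as crypt() may return NULL (it does so on failure, for example when it does not accept the salt passed in szpass), and calling strcmp() on a NULL pointer is undefined behaviour.
(The asterisks in the quoted code below are emphasis markers left over from the HTML mail; they are not part of the C source.)
The DBG_log() call in the DBGP(DBG_CRYPT) branch also passes cp to %s before the comparison, so the NULL test has to come before that log call as well.
It should read:
            if ( cp && strcmp(cp, szpass) == 0)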
            {
              /* we have a winner */
              fclose( fp );
              pthread_mutex_unlock(&crypt_mutex);
              return TRUE;
            }
rather than:
            if ( strcmp(cp, szpass) == 0)
            {
              /* we have a winner */
              fclose( fp );
              pthread_mutex_unlock(&crypt_mutex);
              return TRUE;
            }


Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

Le 07/03/2013 09:56, Philippe Vouters a écrit :
> #include "crypto.h" /* requires sha1.h and md5.h */
> #include "ike_alg.h"
>
> #include "xauth.h"
> #include "virtual.h"
>
> static stf_status
> modecfg_inI2(struct msg_digest *md);
>
> char pwdfile[PATH_MAX];
> *pthread_mutex_t crypt_mutex = PTHREAD_MUTEX_INITIALIZER;*
>
> extern bool encrypt_message(pb_stream *pbs, struct state *st); /* 
> forward declaration */
>
> typedef struct
> {
>         int in_use;
>         struct state *st;
>         sigjmp_buf jbuf;
> } st_jbuf_t;
> ...
>
>         {
>             char *cp;
>
> *pthread_mutex_lock(&crypt_mutex);*
> #if defined(__CYGWIN32__)
>             /* password is in the clear! */
>             cp = (char *)arg->password.ptr;
> #else
>             /* keep the passwords using whatever utilities we have */
>             cp = crypt( (char *)arg->password.ptr, szpass);
> #endif
>
>             if(DBGP(DBG_CRYPT))
>             {
>                 DBG_log("XAUTH: checking user(%s:%s) pass %s vs %s" , 
> szuser, szconnid, cp, szpass);
>             }
>             else
>             {
>                 libreswan_log("XAUTH: checking user(%s:%s) " , szuser, 
> szconnid);
>             }
>
>            /* Ok then now password check */
>            if ( strcmp(cp, szpass) == 0)
>            {
>              /* we have a winner */
>              fclose( fp );
> *pthread_mutex_unlock(&crypt_mutex);*
>              return TRUE;
>            }
>            libreswan_log("XAUTH: nope");
> *pthread_mutex_unlock(&crypt_mutex);*
>         }
>
> -- 
> Philippe Vouters (Fontainebleau/France)
> URL:http://vouters.dyndns.org/
> SIP:sip:Vouters at sip.linphone.org
>
>
