[Swan] programs/pluto/xauth.c - non-reentrant crypt issue
Philippe Vouters
philippe.vouters at laposte.net
Thu Mar 7 11:09:16 EET 2013
This code is even wrong as crypt may return NULL.
It should read:
    if ( cp && strcmp(cp, szpass) == 0)
    {
        /* we have a winner */
        fclose( fp );
        pthread_mutex_unlock(&crypt_mutex);
        return TRUE;
    }
rather than:
    if ( strcmp(cp, szpass) == 0)
    {
        /* we have a winner */
        fclose( fp );
        pthread_mutex_unlock(&crypt_mutex);
        return TRUE;
    }
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org
On 07/03/2013 09:56, Philippe Vouters wrote:
> #include "crypto.h" /* requires sha1.h and md5.h */
> #include "ike_alg.h"
>
> #include "xauth.h"
> #include "virtual.h"
>
> static stf_status
> modecfg_inI2(struct msg_digest *md);
>
> char pwdfile[PATH_MAX];
> *pthread_mutex_t crypt_mutex = PTHREAD_MUTEX_INITIALIZER;*
>
> extern bool encrypt_message(pb_stream *pbs, struct state *st); /*
> forward declaration */
>
> typedef struct
> {
> int in_use;
> struct state *st;
> sigjmp_buf jbuf;
> } st_jbuf_t;
> ...
>
> {
> char *cp;
>
> *pthread_mutex_lock(&crypt_mutex);*
> #if defined(__CYGWIN32__)
> /* password is in the clear! */
> cp = (char *)arg->password.ptr;
> #else
> /* keep the passwords using whatever utilities we have */
> cp = crypt( (char *)arg->password.ptr, szpass);
> #endif
>
> if(DBGP(DBG_CRYPT))
> {
> DBG_log("XAUTH: checking user(%s:%s) pass %s vs %s" ,
> szuser, szconnid, cp, szpass);
> }
> else
> {
> libreswan_log("XAUTH: checking user(%s:%s) " , szuser,
> szconnid);
> }
>
> /* Ok then now password check */
> if ( strcmp(cp, szpass) == 0)
> {
> /* we have a winner */
> fclose( fp );
> *pthread_mutex_unlock(&crypt_mutex);*
> return TRUE;
> }
> libreswan_log("XAUTH: nope");
> *pthread_mutex_unlock(&crypt_mutex);*
> }
>
> --
> Philippe Vouters (Fontainebleau/France)
> URL:http://vouters.dyndns.org/
> SIP:sip:Vouters at sip.linphone.org
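The two points raised in this thread (serialising the call with a mutex, and testing the returned pointer for NULL before anything uses it, the debug log included) combined into one function with a single unlock path. This is an added example, not part of the original post or of libreswan's code; `xauth_pass_ok`, `crypt_fn` and `fake_crypt` are hypothetical names, and `fake_crypt` is a constructed stand-in that only mimics the contract of crypt() (static buffer, NULL on failure) so the block builds without libcrypt.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3): may return NULL, result lives in a shared buffer. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

static pthread_mutex_t crypt_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Constructed stand-in for crypt(): NOT a hash, it only mimics the contract. */
static char *fake_crypt(const char *key, const char *salt)
{
    static char buf[64];                /* shared static buffer, like crypt() */

    if (salt == NULL || strlen(salt) < 2)
        return NULL;                    /* unusable setting -> NULL */
    snprintf(buf, sizeof(buf), "%.2s%s", salt, key);
    return buf;
}

/* Hypothetical helper: true only if hashing succeeded and matches szpass. */
static bool xauth_pass_ok(crypt_fn hash, const char *password,
                          const char *szpass)
{
    bool ok = false;
    char *cp;

    pthread_mutex_lock(&crypt_mutex);   /* held while the buffer is in use */
    cp = hash(password, szpass);
    if (cp != NULL)                     /* check before strcmp or any logging */
        ok = (strcmp(cp, szpass) == 0);
    pthread_mutex_unlock(&crypt_mutex); /* one unlock covers every path */
    return ok;
}

int main(void)
{
    /* Constructed sample values: match, mismatch, hashing failure. */
    printf("%d %d %d\n",
           xauth_pass_ok(fake_crypt, "secret", "absecret"),
           xauth_pass_ok(fake_crypt, "wrong", "absecret"),
           xauth_pass_ok(fake_crypt, "secret", "*"));
    return 0;
}
```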