apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45679] New: SHA1 passwords starting with {SHA} don't work and cause a minor buffer overrun
Date Sat, 23 Aug 2008 13:12:27 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45679

           Summary: SHA1 passwords starting with {SHA} don't work and cause
                    a minor buffer overrun
           Product: APR
           Version: HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: APR-util
        AssignedTo: bugs@apr.apache.org
        ReportedBy: bnoordhuis@gmail.com


Created an attachment (id=22477)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22477)
Teeny weeny patch

The summary says it all really, but for posterity's sake:

htpasswd -s -c /path/to/htpasswd bnoordhuis
New password: {SHA}foo
Re-type new password: {SHA}foo

Due to erroneous code in apr_sha1_base64() the generated password hash will
never match the original password. And because the pointer to the plain-text
password is bumped but the length variable isn't, a buffer overrun of several
bytes happens when generating the hash. I doubt it is exploitable (the stack
layout doesn't seem to favor a potential attacker) but I'm no expert on the
matter.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org


Mime
View raw message