diff options
author | ache <ache@FreeBSD.org> | 2014-08-11 12:26:48 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 2014-08-11 12:26:48 +0000 |
commit | 41f23f3992a9000c140a2012fa3e493a7e75bbbd (patch) | |
tree | b1a09712d4763ad3009e395334105a5b39ad4988 /contrib/opie/opie.h | |
parent | 9abce0e567c9a5a0520cdd94d5c633c7baf9a184 (diff) | |
download | FreeBSD-src-41f23f3992a9000c140a2012fa3e493a7e75bbbd.zip FreeBSD-src-41f23f3992a9000c140a2012fa3e493a7e75bbbd.tar.gz |
Fix too long (seed length >12 chars) challenge handling.
1) " ext" length should be included into OPIE_CHALLENGE_MAX (as all places
of opie code expects that).
2) Overflow check in challenge.c is off by 1 even with corrected
OPIE_CHALLENGE_MAX
3) When fallback to randomchallenge() happens and rval is 0 (i.e.
challenge is too long), its value should be set to error state too.
To demonstrate the bug, run opiepasswd with valid seed:
opiepasswd -s 1234567890123456
and notice that it falls back to randomchallenge() (i.e. no
1234567890123456 in the prompt).
PR: 191511
Submitted by: mitsururike@gmail.com (partially)
MFC after: 1 week
Diffstat (limited to 'contrib/opie/opie.h')
-rw-r--r-- | contrib/opie/opie.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/opie/opie.h b/contrib/opie/opie.h index 2549d04..2d3ceed 100644 --- a/contrib/opie/opie.h +++ b/contrib/opie/opie.h @@ -72,8 +72,8 @@ struct opie { /* Max length of hash algorithm name (md4/md5) */ #define OPIE_HASHNAME_MAX 3 -/* Maximum length of a challenge (otp-md? 9999 seed) */ -#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX) +/* Maximum length of a challenge (otp-md? 9999 seed ext) */ +#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+1+3) /* Maximum length of a response that we allow */ #define OPIE_RESPONSE_MAX (9+1+19+1+9+OPIE_SEED_MAX+1+19+1+19+1+19) |