possible bug in chgpasswd.c/smbdes.c

Simo Sorce idra at samba.org
Thu Jul 19 17:35:53 GMT 2001 

ok, forget it, I've just seen index_i is also of type char, so being the buffer 256 bytes long it is not a problem, it will just cycle back to 0.
Sorry.

Simo.

On Thu, Jul 19, 2001 at 08:42:50AM -0700, Simo Sorce wrote:
> 
> I've seen that while searching for a possible bug a user reported in unix password sync.
> What does not convince me is that we increment index_i up to 516
> and then read and store values in s_box[index_i] but
> s_nox is declared as follow:
>   unsigned char s_box[256];
> 
> here my concern,
> bye,
> Simo.
> 
> On Thu, Jul 19, 2001 at 09:35:47AM -0500, Gerald Carter wrote:
> > On Thu, 19 Jul 2001, Simo Sorce wrote:
> > 
> > > Seem that check_oem_password function in smbd/chgpasswd.c calls
> > > SamOEMhash function in libsmb/smbdes.c with a val of 516 an this may
> > > be a bug in either check_oem_password or SamOEMhash. The last for
> > > cicle in SamOEMhash increments ind and index_i from 0 to 516, but
> > > s_box[] indexed by index_i is only 256 chars long. So I think index_i
> > > goes out of buffer boundaries at half the for cicle, and we also
> > > modify that region. This function seem to be called only when syncing
> > > unix passwords when changing password. can anyone confirm it? or have
> > > I missed something?
> > 
> > Is something not working?  I mean are you tracking down a bug or just
> > curious?
> > 
> > 
> > 
> > Cheers, jerry
> >  ---------------------------------------------------------------------
> >  http://www.valinux.com/     VA Linux Systems      gcarter at valinux.com
> >  http://www.samba.org/          SAMBA Team             jerry at samba.org
> >  http://www.plainjoe.org/                           jerry at plainjoe.org
> >  --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
> > 
> > 
> 
> -- 
> Simo Sorce       idra at samba.org
> -------------------------------
> Samba Team http://www.samba.org
> 

-- 
Simo Sorce       idra at samba.org
-------------------------------
Samba Team http://www.samba.org

More information about the samba-technical mailing list