possible bug in chgpasswd.c/smbdes.c
Simo Sorce
idra at samba.org
Thu Jul 19 17:35:53 GMT 2001
ok, forget it, I've just seen index_i is also of type char, so being the buffer 256 bytes long it is not a problem, it will just cycle back to 0.
Sorry.
Simo.
On Thu, Jul 19, 2001 at 08:42:50AM -0700, Simo Sorce wrote:
>
> I've seen that while searching for a possible bug a user reported in unix password sync.
> What does not convince me is that we increment index_i up to 516
> and then read and store values in s_box[index_i] but
> s_nox is declared as follow:
> unsigned char s_box[256];
>
> here my concern,
> bye,
> Simo.
>
> On Thu, Jul 19, 2001 at 09:35:47AM -0500, Gerald Carter wrote:
> > On Thu, 19 Jul 2001, Simo Sorce wrote:
> >
> > > Seem that check_oem_password function in smbd/chgpasswd.c calls
> > > SamOEMhash function in libsmb/smbdes.c with a val of 516 an this may
> > > be a bug in either check_oem_password or SamOEMhash. The last for
> > > cicle in SamOEMhash increments ind and index_i from 0 to 516, but
> > > s_box[] indexed by index_i is only 256 chars long. So I think index_i
> > > goes out of buffer boundaries at half the for cicle, and we also
> > > modify that region. This function seem to be called only when syncing
> > > unix passwords when changing password. can anyone confirm it? or have
> > > I missed something?
> >
> > Is something not working? I mean are you tracking down a bug or just
> > curious?
> >
> >
> >
> > Cheers, jerry
> > ---------------------------------------------------------------------
> > http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
> > http://www.samba.org/ SAMBA Team jerry at samba.org
> > http://www.plainjoe.org/ jerry at plainjoe.org
> > --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
> >
> >
>
> --
> Simo Sorce idra at samba.org
> -------------------------------
> Samba Team http://www.samba.org
>
--
Simo Sorce idra at samba.org
-------------------------------
Samba Team http://www.samba.org
More information about the samba-technical
mailing list