File 0007-Ticket-bz1358565-clear-and-unsalted-passwo... of Package 389-ds.2045

Overview Repositories Revisions Requests Users Attributes Meta

File 0007-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch of Package 389-ds.2045

From 7c0827718562d2af17216292b46aec639bef7500 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon, 8 Aug 2016 10:12:33 -0700
Subject: [PATCH 07/14] Ticket bz1358565 -  clear and unsalted password types
 are vulnerable to timing attack

Description: Fixing a compiler warning introduced by commit
f0e03b5a51972a125fe78f448d1f68e288782d1e.

(cherry picked from commit c62ea0c98445d31fb55baebe9778fe860b3266ea)
(cherry picked from commit 3d92679cf97518aedcf6534ac5967edf8d2c9d28)
---
 ldap/servers/plugins/pwdstorage/clear_pwd.c | 32 ++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c
index 84dac2a5a..b9b362d34 100644
--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c
+++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c
@@ -25,7 +25,37 @@
 int
 clear_pw_cmp( const char *userpwd, const char *dbpwd )
 {
-    return( strcmp( userpwd, dbpwd ));
+    int result = 0;
+    int len_user = strlen(userpwd);
+    int len_dbp = strlen(dbpwd);
+    if ( len_user != len_dbp ) {
+        result = 1;
+    }
+    /* We have to do this comparison ANYWAY else we have a length timing attack. */
+    if ( len_user >= len_dbp ) {
+        /* 
+         * If they are the same length, result will be 0 here, and if we pass
+         * the check, we don't update result either. IE we pass.
+         * However, even if the first part of userpw matches dbpwd, but len !=, we
+         * have already failed anyawy. This prevents substring matching.
+         */
+        if (slapi_ct_memcmp(userpwd, dbpwd, len_dbp) != 0) {
+            result = 1;
+        }
+    } else {
+        /* 
+         * If we stretched the userPassword, we'll allow a new timing attack, where
+         * if we see a delay on a short pw, we know we are stretching.
+         * when the delay goes away, it means we've found the length.
+         * Instead, because we don't want to use the short pw for comp, we just compare
+         * dbpwd to itself. We have already got result == 1 if we are here, so we are
+         * just trying to take up time!
+         */
+        if (slapi_ct_memcmp(dbpwd, dbpwd, len_dbp)) {
+            /* Do nothing, we have the if to fix a coverity check. */
+        }
+    }
+    return result;
 }
 
 char *
-- 
2.15.1

Places

File 0007-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch of Package 389-ds.2045

Places