[Pkg-shadow-commits] r1995 - in upstream/trunk: . libmisc

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Tue May 20 13:34:08 UTC 2008


Author: nekral-guest
Date: 2008-05-20 13:34:06 +0000 (Tue, 20 May 2008)
New Revision: 1995

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/libmisc/salt.c
Log:
*** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
  chgpasswd; and also passwd if configured without PAM support).
  The number of rounds and number of salt bytes were fixed to their lower
  allowed values (resp. configurable and 8), hence voiding some of the
  advantages of this encryption method. Dictionary attacks with
  precomputed tables were easier than expected, but still harder than with
  the MD5 (or DES) methods.

	* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix an
	overflow. These caused the SHA salt size to always be 8 bytes,
	instead of being in the 8-16 range. Thanks to Peter Vrabec
	pvrabec at redhat.com for noticing.
	* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
	seedRNG instead of srand, and fix the same overflow. This caused
	the number of rounds to always be the smallest one.



Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2008-05-19 22:18:14 UTC (rev 1994)
+++ upstream/trunk/ChangeLog	2008-05-20 13:34:06 UTC (rev 1995)
@@ -1,5 +1,15 @@
 2008-05-20  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
+	overflow. These caused the SHA salt size to always be 8 bytes,
+	instead of being in the 8-16 range. Thanks to Peter Vrabec
+	pvrabec at redhat.com for noticing.
+	* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
+	seedRNG instead of srand, and fix the same overflow. This caused
+	the number of rounds to always be the smallest one.
+
+2008-05-20  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* man/newusers.8.xml man/groupmems.8.xml man/groupdel.8.xml
 	man/useradd.8.xml man/groupadd.8.xml man/newgrp.1.xml man/sg.1.xml
 	man/chgpasswd.8.xml man/groupmod.8.xml: Tag the section which
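
Review bot: The new entry says "fix a overflow" without naming what overflowed, so the ChangeLog alone does not tell a reader that the problem was the integer products `9 * random ()` and `(max_rounds-min_rounds+1) * random ()` being computed before the conversion to double. Suggest naming those expressions in the entry (and "an overflow"). Listing NEWS in front of `(SHA_salt_size)` and `(SHA_salt_rounds)` also reads as if NEWS contained those functions; a separate `* NEWS:` line would be clearer.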

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2008-05-19 22:18:14 UTC (rev 1994)
+++ upstream/trunk/NEWS	2008-05-20 13:34:06 UTC (rev 1995)
@@ -2,6 +2,15 @@
 
 shadow-4.1.1 -> shadow-4.1.2						UNRELEASED
 
+*** security:
+- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
+  chgpasswd; and also passwd if configured without PAM support).
+  The number of rounds and number of salt bytes was fixed to their lower
+  allowed values (resp. configurable and 8), hence voiding some of the
+  advantages of this encryption method. Dictionary attacks with
+  precomputed tables were easier than expected, but still harder than with
+  the MD5 (or DES) methods.
+
 *** general:
 - packaging
   * Distribute the chfn, chsh, and userdel PAM configuration file.
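
Review bot: The security item describes the weakness but gives administrators nothing to act on. It does not say which releases produced the minimum round count and 8-byte salts, nor that hashes already written by chpasswd, gpasswd, newusers, chgpasswd (and passwd without PAM) keep those values until the password is set again. Suggest adding both. The parenthesis "(resp. configurable and 8)" is also hard to parse; wording such as "the configured minimum number of rounds and 8 salt bytes" says the same thing directly.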

Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c	2008-05-19 22:18:14 UTC (rev 1994)
+++ upstream/trunk/libmisc/salt.c	2008-05-20 13:34:06 UTC (rev 1995)
@@ -90,9 +90,10 @@
  */
 static unsigned int SHA_salt_size (void)
 {
-	double rand_rounds = 9 * random ();
-	rand_rounds /= RAND_MAX;
-	return 8 + rand_rounds;
+	double rand_size;
+	seedRNG ();
+	rand_size = (double) 9.0 * random () / RAND_MAX;
+	return 8 + rand_size;
 }
 
 /* ! Arguments evaluated twice ! */
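
Review bot: In the new SHA_salt_size, `9.0 * random () / RAND_MAX` reaches exactly 9.0 when random () returns RAND_MAX, so `return 8 + rand_size;` can yield 17, one more than the 8-16 range the ChangeLog entry documents. Dividing by `(RAND_MAX + 1.0)`, or clamping the result to 16, keeps it in range. The expression also assumes that the maximum of random () equals RAND_MAX, which is the limit defined for rand (); a comment stating that assumption would help. The `(double)` cast on the literal 9.0 is redundant, and the double-to-unsigned conversion on return would be clearer as an explicit cast.
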
@@ -131,8 +132,8 @@
 		if (min_rounds > max_rounds)
 			max_rounds = min_rounds;
 
-		srand (time (NULL));
-		rand_rounds = (max_rounds-min_rounds+1) * random ();
+		seedRNG ();
+		rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
 		rand_rounds /= RAND_MAX;
 		rounds = min_rounds + rand_rounds;
 	} else if (0 == *prefered_rounds)
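
Review bot: With `(max_rounds-min_rounds+1.0) * random ()` followed by `rand_rounds /= RAND_MAX;`, a random () result equal to RAND_MAX makes rand_rounds equal to max_rounds-min_rounds+1, so `rounds = min_rounds + rand_rounds;` comes out as max_rounds + 1, above the configured maximum. Divide by `(RAND_MAX + 1.0)` instead, or clamp rounds to max_rounds after the addition. The `(double)` cast applies to an operand that the `1.0` already makes a double; a short comment saying that the floating-point arithmetic is what avoids the integer overflow would serve the next reader better than the cast.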



