Package: mount
Version: 2.12p-4
Severity: normal
Tags: patch

Hi,

I found a bug in the loopback device routine in lomount.c

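xgetpass() can return more than 128 bytes when it reads a passphrase
from the fd specified by -p.  With such a long passphrase, the current
lomount.c can generate a different hash value every time, so the user can
never correctly encrypt or decrypt files.  (The copy into passwdbuff is
truncated to PASSWDBUFFLEN bytes, but the second rmd160_hash_buffer() call
still hashes strlen(pass)+1 bytes starting at passwdbuff, so it can read
past the end of that stack buffer.)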

The following patch fixes the problem.

--- util-linux-2.12p.orig/mount/lomount.c       2005-06-24 20:39:36.073263112 
+0900
+++ util-linux-2.12p/mount/lomount.c    2005-06-24 21:12:33.783174438 +0900
@@ -397,18 +397,21 @@
        case LO_CRYPT_RIJNDAEL:
            {
 #define HASHLENGTH 20
-#define PASSWDBUFFLEN 130 /* getpass returns only max. 128 bytes, see man 
getpass */
                char keybits[2*HASHLENGTH]; 
-               char passwdbuff[PASSWDBUFFLEN];
+               char *passwdbuff;
+               int passwdlen;
                int keylength;
                int i;
 
                pass = xgetpass(pfd, _("Password: "));
-               strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1);
-               passwdbuff[PASSWDBUFFLEN-1] = '\0';
+               passwdlen = strlen(pass);
+               passwdbuff = malloc(passwdlen+2);
+               strcpy(passwdbuff+1,pass);
                passwdbuff[0] = 'A';
-               rmd160_hash_buffer(keybits,pass,strlen(pass));
-               
rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1);
+               rmd160_hash_buffer(keybits,pass,passwdlen);
+               rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,passwdlen+1);
+               memset(pass, 0, passwdlen);
+               free(passwdbuff);
                memcpy((char*)loopinfo64.lo_encrypt_key,keybits,2*HASHLENGTH);
                keylength=0;
                for(i=0; crypt_type_tbl[i].id != -1; i++){
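Review bot: The result of `malloc(passwdlen+2)` is used without a check, so a failed allocation makes `strcpy(passwdbuff+1,pass)` and `passwdbuff[0] = 'A'` write through a null pointer; this matters more now that the passphrase read from the -p descriptor has no length cap. Add a guard right after the malloc, e.g. `if (passwdbuff == NULL) { memset(pass, 0, passwdlen); /* report the error and bail out */ }`, using whatever error return the enclosing function uses, since its start and end are outside the hunk. The `default:` hunk has the same unchecked malloc. `passwdlen` would also be better declared as `size_t`, because `strlen()` returns `size_t` and the value feeds `malloc`.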
@@ -423,15 +426,18 @@
        default:
                if (hash_password) {
                    char keybits[2*HASHLENGTH]; 
-                   char passwdbuff[PASSWDBUFFLEN];
+                   char *passwdbuff;
+                   int passwdlen;
 
                    pass = xgetpass(pfd, _("Password: "));
-                   strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1);
-                   passwdbuff[PASSWDBUFFLEN-1] = '\0';
+                   passwdlen = strlen(pass);
+                   passwdbuff = malloc(passwdlen+2);
+                   strcpy(passwdbuff+1,pass);
                    passwdbuff[0] = 'A';
-                   rmd160_hash_buffer(keybits,pass,strlen(pass));
-                   
rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1);
-                   memset(pass, 0, strlen(pass));
+                   rmd160_hash_buffer(keybits,pass,passwdlen);
+                   
rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,passwdlen+1);
+                   memset(pass, 0, passwdlen);
+                   free(passwdbuff);
                    memcpy((char*)loopinfo64.lo_encrypt_key,keybits,keysz/8);
                    loopinfo64.lo_encrypt_key_size = keysz/8;
                } else {
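Review bot: `passwdbuff` holds a second full copy of the passphrase ('A' followed by `pass`) and is passed to `free()` without being cleared, so the secret stays behind in freed heap memory; the hunk wipes only `pass`. Insert `memset(passwdbuff, 0, passwdlen+2);` before `free(passwdbuff);`, ideally through a wipe the compiler cannot elide, since a plain memset immediately before free may be optimised away. The LO_CRYPT_RIJNDAEL hunk above needs the same line. `keybits` also still holds the derived key on the stack after the memcpy, but the end of its scope is outside the hunk, so whether it is cleared later cannot be confirmed from here.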


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-k7
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)

Versions of packages mount depends on:
ii  libblkid1                   1.37-1       block device id library
ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared libraries an
ii  libuuid1                    1.37-1       universally unique id library

-- no debconf information

--
YAEGASHI Takeshi <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

