https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132302
--- Comment #5 from Matthias Apitz <[email protected]> --- (In reply to Josh Paetzel from comment #3) I was thinking last night about the proposed patch and wanted to modify it, but now it's committed already before I could put hands on the keyboard; the problem (bug) was that the value in 'pos' for the XOR operation: ch ^= pos; at some point exceeds, when the to be crypted password is long enough, exceeds one byte, and so does the result in 'ch'; later the value from 'ch' is formated to a hex string with sprintf(dst, "%02x", ch); dst += 2; which gives in 'dst' four new bytes, like 0136, but the pointer 'dst' is only moved two byte further; this damages the resulting string in 'dst' for the crypted pw and later decrypt goes wrong; Said this, the test for 'pos' not exceeding one byte must be if (pos >= 256) pos -=256;' because a pw of 57 bytes lenth will hit the point where 'pos' is exactly 256 (0x100); 57++ bytes is a very unlikely password, but as it s stored into a file and not typed in from time to time it's not impossible thinking in such a beast; sorry to come late with this comment; -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
