ASF Bugzilla – Attachment 21429 Details for
Bug 31440
htpasswd salt generation weakness
[patch]
patch against httpd-2.2.8 to resolve weak PRNG seeding
htpasswd-salt.diff (text/plain), 3.39 KB, created by
Peter Watkins
on 2008-01-25 10:10:34 UTC
Description:
patch against httpd-2.2.8 to resolve weak PRNG seeding
Filename:
MIME Type:
Creator:
Peter Watkins
Created:
2008-01-25 10:10:34 UTC
Size:
3.39 KB
patch
obsolete
>--- ./support/htpasswd.c 2006/07/12 03:38:44 1.1
>+++ ./support/htpasswd.c 2008/01/25 18:07:07
>@@ -46,6 +46,8 @@
> #include "apr_general.h"
> #include "apr_signal.h"
>
>+#include <math.h>
>+
> #if APR_HAVE_STDIO_H
> #include <stdio.h>
> #endif
>@@ -101,6 +103,7 @@
>
> apr_file_t *errfile;
> apr_file_t *ftemp = NULL;
>+FILE *FP = NULL;
>
> #define NL APR_EOL_STR
>
>@@ -115,6 +118,66 @@
> }
> }
>
>+static void seed_prng()
>+{
>+ int randBits = 0;
>+ int seedInt = 0;
>+ int toAdd = 0;
>+ int intSize = (8*(int)sizeof(int));
>+ int charSize = (8*(int)sizeof(char));
>+ if ( (!FP) && getenv("RANDOM_SEED") )
>+ {
>+ /* use the device specified by the user */
>+ FP = fopen(getenv("RANDOM_SEED"), "r");
>+ } else if (!FP) {
>+ /* use /dev/urandom for better (less predictable) seeding if available */
>+ FP = fopen("/dev/urandom", "r");
>+ }
>+ if (FP)
>+ {
>+ while ( randBits < intSize ) {
>+ /* how many bits to read (maximum == bytes in a char) */
>+ toAdd = (intSize - randBits) > charSize ? charSize : (intSize - randBits);
>+ /* we could watch the fgetc() call for EOF and warn the user,
>+ but the user should know better than to provide a small pool */
>+ seedInt += ((int)fgetc(FP) % (int)pow(2,toAdd)) * (int)pow(2,randBits);
>+ randBits += toAdd;
>+ }
>+ (void) srand(seedInt);
>+ /* deliberately leave FP open in case seed_prng() is called again and
>+ FP behaves like a static file and always provides the same content;
>+ with devices like /dev/urandom and /dev/random, there would be bo reason
>+ not to fclose(FP) here */
>+ } else {
>+ fprintf(stderr,"Warning: weak salt generation!\n");
>+ fprintf(stderr,"For better security, install /dev/urandom or provide the name of a file or device\n");
>+ fprintf(stderr,"that can provide enough random data in the environment variable RANDOM_SEED\n",(intSize/8));
>+ (void) srand((int) time((time_t *) NULL));
>+ }
>+}
>+
>+static void generate_salt(char *s, size_t size)
>+{
>+ static unsigned char tbl[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
>+ size_t i;
>+ int bitsUsed = 0;
>+ for (i = 0; i < size; ++i) {
>+ int idx = (int) (64.0 * rand() / (RAND_MAX + 1.0));
>+ bitsUsed += 6;
>+ s[i] = tbl[idx];
>+ /* re-seed the PRNG if already used an integer's worth of bytes, or if the next
>+ loop iteration would use more than an int, since the seed for rand() is an int.
>+ This will only need to happen on platforms with integers less than 48 bits. */
>+ if ( (bitsUsed + 6) > (8*sizeof(int)) )
>+ {
>+ /* re-seed */
>+ (void)seed_prng();
>+ /* reset our counter */
>+ bitsUsed = 0;
>+ }
>+ }
>+}
>+
> static void putline(apr_file_t *f, const char *l)
> {
> apr_file_puts(l, f);
>@@ -162,8 +225,8 @@
> break;
>
> case ALG_APMD5:
>- (void) srand((int) time((time_t *) NULL));
>- to64(&salt[0], rand(), 8);
>+ (void)seed_prng();
>+ generate_salt(&salt[0], 8);
> salt[8] = '\0';
>
> apr_md5_encode((const char *)pw, (const char *)salt,
>@@ -178,7 +241,7 @@
> #if !(defined(WIN32) || defined(NETWARE))
> case ALG_CRYPT:
> default:
>- (void) srand((int) time((time_t *) NULL));
>+ (void)seed_prng();
> to64(&salt[0], rand(), 8);
> salt[8] = '\0';
>
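Review bot: `seed_prng` builds the seed from unchecked reads: when `fgetc(FP)` returns EOF (a short `RANDOM_SEED` file, which the comment above the read chooses to ignore) the -1 is folded into `seedInt`, and `((int)fgetc(FP) % (int)pow(2,toAdd)) * (int)pow(2,randBits)` overflows a signed 32-bit `int` for byte values of 128 and above once `randBits` is 24. If no source opens, the code only warns and goes back to `srand((int) time((time_t *) NULL))`, so the weak salt the patch targets is still produced; the third `fprintf` also passes `(intSize/8)` with no conversion in its format. Since `apr_general.h` is already included, filling the salt straight from `apr_generate_random_bytes()` and failing on error would remove `seed_prng`, the global `FP`, the `rand()` round trip and the `<math.h>` include; the `ALG_APMD5` call site would then check the return value. Both functions lie entirely inside this hunk; the sketch below assumes APR was built with `APR_HAS_RANDOM`.

```c
static int generate_salt(char *s, size_t size)
{
    static const unsigned char tbl[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    unsigned char rnd[16];
    size_t i;

    /* read the salt bytes from the OS generator; no srand()/rand() step */
    if (size > sizeof(rnd)
        || apr_generate_random_bytes(rnd, size) != APR_SUCCESS) {
        return -1;  /* caller reports the error; no time()-seeded fallback */
    }
    for (i = 0; i < size; ++i) {
        s[i] = tbl[rnd[i] & 0x3f];  /* 64 entries, so six bits map without bias */
    }
    return 0;
}
```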
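Review bot: The `ALG_CRYPT` branch keeps `to64(&salt[0], rand(), 8);`, so its salt characters still all come from a single `rand()` value, while the `ALG_APMD5` hunk before it was moved to `generate_salt`. `to64` is defined outside the diff, so how many of those eight characters carry independent bits cannot be confirmed from here, but calling `generate_salt(&salt[0], 8);` in both branches would keep the two paths consistent. The enclosing function starts and ends outside the hunk.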
Attachments on
bug 31440
:
12871
| 21429 |
21433
|
24178
|
24179