Your message dated Mon, 16 Jan 2006 14:50:23 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#315660: fixed in util-linux 2.12r-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Fri, 24 Jun 2005 21:49:59 +0900
From: YAEGASHI Takeshi <[EMAIL PROTECTED]>
To: "Debian Bug Tracking System" <[EMAIL PROTECTED]>
Subject: mount: Wrong hash generation for the loopback device.
Organization: NAMCO Ltd.

Package: mount
Version: 2.12p-4
Severity: normal
Tags: patch

Hi,

I found a bug in the loopback device routine in lomount.c.

xgetpass() can return more than 128 bytes when it reads a passphrase from the fd specified by -p. With such a long passphrase, the current lomount.c can generate a different hash value every time, so the user can never correctly encrypt or decrypt files.

The following patch will fix the problem.

--- util-linux-2.12p.orig/mount/lomount.c 2005-06-24 20:39:36.073263112 +0900 +++ util-linux-2.12p/mount/lomount.c 2005-06-24 21:12:33.783174438 +0900
@@ -397,18 +397,21 @@ case LO_CRYPT_RIJNDAEL: { #define HASHLENGTH 20 -#define PASSWDBUFFLEN 130 /* getpass returns only max. 128 bytes, see man getpass */ char keybits[2*HASHLENGTH]; - char passwdbuff[PASSWDBUFFLEN]; + char *passwdbuff; + int passwdlen; int keylength; int i; pass = xgetpass(pfd, _("Password: ")); - strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1); - passwdbuff[PASSWDBUFFLEN-1] = '\0'; + passwdlen = strlen(pass); + passwdbuff = malloc(passwdlen+2); + strcpy(passwdbuff+1,pass); passwdbuff[0] = 'A'; - rmd160_hash_buffer(keybits,pass,strlen(pass)); - rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1); + rmd160_hash_buffer(keybits,pass,passwdlen); + rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,passwdlen+1); + memset(pass, 0, passwdlen); + free(passwdbuff); memcpy((char*)loopinfo64.lo_encrypt_key,keybits,2*HASHLENGTH); keylength=0; for(i=0; crypt_type_tbl[i].id != -1; i++){ 
@@ -423,15 +426,18 @@ default: if (hash_password) { char keybits[2*HASHLENGTH]; - char passwdbuff[PASSWDBUFFLEN]; + char *passwdbuff; + int passwdlen; pass = xgetpass(pfd, _("Password: ")); - strncpy(passwdbuff+1,pass,PASSWDBUFFLEN-1); - passwdbuff[PASSWDBUFFLEN-1] = '\0'; + passwdlen = strlen(pass); + passwdbuff = malloc(passwdlen+2); + strcpy(passwdbuff+1,pass); passwdbuff[0] = 'A'; - rmd160_hash_buffer(keybits,pass,strlen(pass)); - rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,strlen(pass)+1); - memset(pass, 0, strlen(pass)); + rmd160_hash_buffer(keybits,pass,passwdlen); + rmd160_hash_buffer(keybits+HASHLENGTH,passwdbuff,passwdlen+1); + memset(pass, 0, passwdlen); + free(passwdbuff); memcpy((char*)loopinfo64.lo_encrypt_key,keybits,keysz/8); loopinfo64.lo_encrypt_key_size = keysz/8; } else {

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-k7
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)

Versions of packages mount depends on:
ii  libblkid1  1.37-1        block device id library
ii  libc6      2.3.2.ds1-21  GNU C Library: Shared libraries an
ii  libuuid1   1.37-1        universally unique id library

-- no debconf information

--
YAEGASHI Takeshi <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

---------------------------------------
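Review bot: in the first hunk (@@ -397,18 +397,21 @@, the LO_CRYPT_RIJNDAEL case), the result of passwdbuff = malloc(passwdlen+2) goes straight into strcpy(passwdbuff+1,pass) with no NULL check, so an allocation failure turns into a write through a null pointer while the passphrase is being processed. Check the pointer and abort the loop setup with an error before the copy. Because the passphrase read from the -p descriptor is no longer bounded by a fixed buffer, passwdlen would also be better declared as size_t than int, which is what strlen returns and avoids a signed overflow in passwdlen+2.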
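Review bot: in the second hunk (@@ -423,15 +426,18 @@, the hash_password branch), free(passwdbuff) releases the 'A'-prefixed copy of the passphrase without clearing it, so the memset(pass, 0, passwdlen) on the line above wipes only one of the two copies and the other remains readable in freed heap memory. Add memset(passwdbuff, 0, passwdlen+1) immediately before the free, and do the same before the free(passwdbuff) in the first hunk.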
From: LaMont Jones <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#315660: fixed in util-linux 2.12r-3
Date: Mon, 16 Jan 2006 14:50:23 -0800

Source: util-linux
Source-Version: 2.12r-3

We believe that the bug you reported is fixed in the latest version of util-linux, which is due to be installed in the Debian FTP archive:

bsdutils_2.12r-3_i386.deb
  to pool/main/u/util-linux/bsdutils_2.12r-3_i386.deb
cfdisk-udeb_2.12r-3_i386.udeb
  to pool/main/u/util-linux/cfdisk-udeb_2.12r-3_i386.udeb
fdisk-udeb_2.12r-3_i386.udeb
  to pool/main/u/util-linux/fdisk-udeb_2.12r-3_i386.udeb
mount_2.12r-3_i386.deb
  to pool/main/u/util-linux/mount_2.12r-3_i386.deb
util-linux-locales_2.12r-3_all.deb
  to pool/main/u/util-linux/util-linux-locales_2.12r-3_all.deb
util-linux_2.12r-3.diff.gz
  to pool/main/u/util-linux/util-linux_2.12r-3.diff.gz
util-linux_2.12r-3.dsc
  to pool/main/u/util-linux/util-linux_2.12r-3.dsc
util-linux_2.12r-3_i386.deb
  to pool/main/u/util-linux/util-linux_2.12r-3_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <[EMAIL PROTECTED]> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Mon, 16 Jan 2006 14:35:42 -0700
Source: util-linux
Binary: util-linux cfdisk-udeb fdisk-udeb util-linux-locales bsdutils mount
Architecture: all i386 source
Version: 2.12r-3
Distribution: unstable
Urgency: low
Maintainer: LaMont Jones <[EMAIL PROTECTED]>
Changed-By: LaMont Jones <[EMAIL PROTECTED]>
Description:
 bsdutils - Basic utilities from 4.4BSD-Lite
 cfdisk-udeb - Partition a hard drive (cfdisk)
 fdisk-udeb - Partition a hard drive (manual)
 mount - Tools for mounting and manipulating filesystems
 util-linux - Miscellaneous system utilities
 util-linux-locales - Locales files for util-linux
Closes: 315660 322130 343447 348235
Changes:
 util-linux (2.12r-3) unstable; urgency=low
 .
   * Add ppc64 support. Closes: #322130
   * Update sections to match the overrides file.
   * hwclockfirst.sh may not exit, since it gets sourced. Closes: #343447
   * make the start messages from hwclock{first,}.sh slightly different, for clarity.
   * Build sparc binaries on sparc64
   * Actually cleanup pager alternatives. Closes: #348235
   * Deal better with long passwords. Based on patch from YAEGASHI Takeshi <[EMAIL PROTECTED]>. Closes: #315660