From 5d04e97adc45af254cb6340387aa3ae147d43e92 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Thu, 2 Jul 2020 12:20:41 +0200
Subject: [PATCH] Fixed maximum password length in modules of hash-modes 600, 7800, 7801 and 9900

---
 docs/changes.txt | 1 +
 src/modules/module_00600.c | 14 +-------------
 src/modules/module_07800.c | 4 +++-
 src/modules/module_07801.c | 4 +++-
 src/modules/module_09900.c | 4 +++-
 src/modules/module_12400.c | 4 ++--
 src/modules/module_16400.c | 2 +-
 7 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/docs/changes.txt b/docs/changes.txt
index c25a93915..b02a32f55 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -11,6 +11,7 @@
 ## Bugs
 ##

+- Fixed maximum password length in modules of hash-modes 600, 7800, 7801 and 9900
 - Fixed uninitialized value in bitsliced DES kernel (BF mode only) leading to false negatives

 ##
diff --git a/src/modules/module_00600.c b/src/modules/module_00600.c
index c22fbde3a..2a29dfb57 100644
--- a/src/modules/module_00600.c
+++ b/src/modules/module_00600.c
@@ -44,18 +44,6 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,

 static const char *SIGNATURE_BLAKE2B = "$BLAKE2$";

-u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
-{
- // this overrides the reductions of pw_max in case optimized kernel is selected
- // IOW, even in optimized kernel mode it support length 64
-
- const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
-
- const u32 pw_max = (optimized_kernel == true) ? 64 : PW_MAX;
-
- return pw_max;
-}
-
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
 u64 *digest = (u64 *) digest_buf;
@@ -178,7 +166,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_potfile_disable = MODULE_DEFAULT;
 module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
 module_ctx->module_pwdump_column = MODULE_DEFAULT;
- module_ctx->module_pw_max = module_pw_max;
+ module_ctx->module_pw_max = MODULE_DEFAULT;
 module_ctx->module_pw_min = MODULE_DEFAULT;
 module_ctx->module_salt_max = MODULE_DEFAULT;
 module_ctx->module_salt_min = MODULE_DEFAULT;
diff --git a/src/modules/module_07800.c b/src/modules/module_07800.c
index 0d79c1256..db99d026f 100644
--- a/src/modules/module_07800.c
+++ b/src/modules/module_07800.c
@@ -46,7 +46,9 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,

 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 pw_max = 40; // https://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/
+ const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
+
+ const u32 pw_max = (optimized_kernel == false) ? 40 : hashconfig->pw_max; // https://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/

 return pw_max;
 }
diff --git a/src/modules/module_07801.c b/src/modules/module_07801.c
index 03afc6595..e06ceade3 100644
--- a/src/modules/module_07801.c
+++ b/src/modules/module_07801.c
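Review bot: On the optimized-kernel path of `module_pw_max` in module_07800.c the function now returns `hashconfig->pw_max` unchanged, so the 40-character limit taken from the linked SAP reference is no longer applied there; whether that default can exceed 40 is not visible in this hunk. If it can, clamping keeps the format limit in both modes: `const u32 pw_max = (optimized_kernel == false) ? 40 : ((hashconfig->pw_max < 40) ? hashconfig->pw_max : 40);`. The new code also depends on `hashconfig->pw_max` already being populated when this hook is called, which is worth stating in a comment such as `// relies on hashconfig->pw_max being set to the kernel default before this hook runs`. The same pattern appears in the module_07801.c, module_09900.c (limit 100) and module_16400.c (limit 64) hunks.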
@@ -46,7 +46,9 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,

 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 pw_max = 40; // https://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/
+ const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
+
+ const u32 pw_max = (optimized_kernel == false) ? 40 : hashconfig->pw_max; // https://www.daniel-berlin.de/security/sap-sec/password-hash-algorithms/

 return pw_max;
 }
diff --git a/src/modules/module_09900.c b/src/modules/module_09900.c
index dc855abc1..5d3834dfd 100644
--- a/src/modules/module_09900.c
+++ b/src/modules/module_09900.c
@@ -46,7 +46,9 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,

 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u32 pw_max = 100; // RAdmin2 sets w[25] = 0x80
+ const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
+
+ const u32 pw_max = (optimized_kernel == false) ? 100 : hashconfig->pw_max; // RAdmin2 sets w[25] = 0x80

 return pw_max;
 }
diff --git a/src/modules/module_12400.c b/src/modules/module_12400.c
index 9280a2f3f..d899624bd 100644
--- a/src/modules/module_12400.c
+++ b/src/modules/module_12400.c
@@ -74,9 +74,9 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY

 u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
- const u64 pw_max = (const u64) sizeof (bsdicrypt_tmp_t);
+ const u64 tmp_size = (const u64) sizeof (bsdicrypt_tmp_t);

- return pw_max;
+ return tmp_size;
 }

 u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
diff --git a/src/modules/module_16400.c b/src/modules/module_16400.c
index ff687e1a8..4007351ab 100644
--- a/src/modules/module_16400.c
+++ b/src/modules/module_16400.c
@@ -52,7 +52,7 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
 {
 const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);

- u32 pw_max = (optimized_kernel == true) ? PW_MAX_OLD : 64; // HMAC-MD5 and `doveadm pw` are different for password more than 64 bytes
+ const u32 pw_max = (optimized_kernel == false) ? 64 : hashconfig->pw_max; // HMAC-MD5 and `doveadm pw` are different for password more than 64 bytes

 return pw_max;
 }
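Review bot: The optimized-kernel limit in module_16400.c changes from `PW_MAX_OLD` to `hashconfig->pw_max`, yet the commit subject and the docs/changes.txt entry name only hash-modes 600, 7800, 7801 and 9900. If the two values can differ (not visible in this hunk), the changelog line should mention 16400 as well, since a changed length limit affects which candidates are tested. The trailing comment about HMAC-MD5 and `doveadm pw` explains only the 64; moving it to its own line above the assignment, e.g. `// pure kernel: cap at 64, HMAC-MD5 and doveadm pw differ beyond that`, would make clear which branch it documents.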