[Passwdsecure-devel] RE: SEWL passwdsecure -- other note

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Andrew,

Is it working now?

The sprintf will put the '\0' on the end of hexStringDigit for you but I
guess it doesn't hurt to do it explicitly.

Richard

-----Original Message-----
From: Andrew McGlashan [mailto:ae...@bi...]
Sent: Friday, 10 May 2002 5:08 PM
To: Harris, Richard
Cc: pas...@li...; Mario Piazzese; Bill Lucas
Subject: Re: SEWL passwdsecure -- other note

Updated .c files attached

Richard,

Thanks for your input.  I have added an extra line to your supplied MD5File
function.  After the 16 unsigned chars have been placed as 32 string chars
(0-31), I added the string terminator char to array position 32 as follows:
    hexStringDigest[32] = '\0';

Regards

AndrewM

Andrew McGlashan AACS
Director

Mobile: 04 2574 1827

Affinity Vision Australia Pty Ltd
ABN 91 099 273 855

This message contains privileged and confidential information intended only
for the use of the addressee named above. If you are not the intended
recipient of this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it.  If you have
received this message in error please notify Affinity Vision Australia Pty
Ltd at ae...@bi...  Any views expressed in this message are those of the
individual sender, except where the sender specifically states them to be
the views of Affinity Vision Australia Pty Ltd

----- Original Message -----
From: "Harris, Richard" <ha...@ta...>
To: "'Andrew McGlashan'" <ae...@bi...>; "Harris, Richard"
<ha...@ta...>
Cc: "Bill Lucas" <bil...@se...>; "Mario Piazzese"
<Mar...@se...>; <pas...@li...>
Sent: Friday, May 10, 2002 3:18 PM
Subject: RE: SEWL passwdsecure -- other note

> Hi Andrew,
>
> Looking at the truss output the problem seem symtematic of a buffer
overrun
> or a stray pointer being accessed.  I've had a look at authprocess.c and
> found a couple of strong contenders.
>
> You've changed the way MD5File works so it returns the MD5 data as a hex
> string, rather than the raw MD5 data.  I assume you've done this for the
> purposes of debugging so you can see the checksum more easily.  You've
made
> a few mistakes in doing this.
>
> Firstly, in MD5File (if the digest is calculated correctly) you return
> buffer2, unfortunately buffer2 is on the stack so as soon as you return
from
> MD5File the memory where you are pointing to will no longer exist.  Later
on
> you then call free on the returned value, this will cause all sorts of
> confusion!  Also digest is being created on the heap but you don't return
a
> pointer to it so it creates a memory leak.
>
> To do it your way MD5File should be:
>
> #ifdef USE_MD5
> char* MD5File(char* filename)
> {
> FILE* file;
> if ((file = fopen (filename, "rb")) == NULL)
> {
>
> #ifdef DEBUG
> fprintf(stderr, "Problem opening file: %s ...\n", filename);
> #endif
>
> return (char*)NULL;
> }
> else {
> MD5_CTX context;
> int len;
> unsigned char buffer[1024];
> unsigned char digest[16];
> unsigned int i;
> char* hexStringDigest;
>
> MD5Init (&context);
> while (len = fread (buffer, 1, 1024, file))
> MD5Update (&context, buffer, len);
> MD5Final (digest, &context);
>
> fclose (file);
>
> /* 33 chars, 32 for hexString, and 1 for NULL */
> hexStringDigest = (char*)malloc(sizeof(char)*33);
> checkMalloc((void*)hexStringDigest);
>
> for (i = 0; i < 16; i++)
> {
> sprintf(hexStringDigest + i*2, "%02x", digest[i] );
> }
>
> return hexStringDigest;
> }
> }
> #endif
>
> I havn't got a machine to compile this on to test but it looks all right.
>
> The other big problem is with md5thusfar.  At line 144 you define
md5thusfar
> as a char* and then (at line 220) you call strncpy to it before it is
> initialised.  It might be pointing at anything at this stage.
>
> You need to change line 220 from:
> strncpy(md5thusfar, file[0], 32);
> to:
> md5thusfar = (char*)malloc(sizeof(char)*33);
> checkMalloc((void*)md5thusfar);
> strncpy(md5thusfar, file[0], 32);
> md5thusfar[32] = '\0';
>
> Note the last line, if file[0] is 32 or more characters long then
md5thusfar
> won't finish with a null, so trouble will ensue.
>
> That's all of the problems I can see in authprocess.c at the moment.  If
you
> fix those problems you should be in with a much better shot of getting it
to
> work.
>
> Regards,
> Richard
>
> PS: As a formatting point when you have something like:
> <tab>func(first_arg,
> <tab>     second_arg);
> You shouldn't change it to
> <tab>func(first_arg,
> <tab><tab>second_arg);
> As the arguments won't line up if someone is using different sized tab
> stops.  You should always tab to specify indents and space to line up a
> command the spreads multiple lines.  The same applies for if/while
> conditions and for statements.
>
> PPS: I've made you an admin of the sourceforge project.
>
>
> -----Original Message-----
> From: Andrew McGlashan [mailto:ae...@bi...]
> Sent: Thursday, 9 May 2002 10:45 AM
> To: Harris, Richard
> Cc: Bill Lucas; Mario Piazzese
> Subject: Fw: SEWL passwdsecure -- other note
> Importance: High
>
>
> Richard,
>
> I have made this email high priority as SE Water has a number of uses that
> will need to use the passwdsecure tool.  Bill has even suggested that I be
> listed as a maintainer to try to progress this quicker; I would really
like
> some more help.
>
> Okay, I have looked at FILECMP again -- I broke it with my former MD5CHECK
> works.  I have since re-worked that but I still have some problems.  The
> FILEICMP looks okay after all, although I haven't actually tested it; I
> didn't look at it closely enough to understand it before.
>
> The problem I am having now with the re-worked FILECMP / MD5CHECK section
> having been done has to do with the getPsinfo function; it is dropping out
> without completing all checks.  I don't know why it dumps out, but here is
> the statement that is failing:
>
>     sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> fileinfo);
>
> Other information (from the non-Linux code):
> > Checking file types / sizes...
> >
> > int      sizeRead         /* always 336 if successful */
> > int      sizeReadTotal    /* always 0 */
> >
> >
> > unsigned char buf[sizeof(psinfo_t)]
> >
>
> Now it fails after a number of iterations.  I did remove a single check
from
> one require group and it got through to an additional require group.  I
was
> going to include the output file with the debug information, but I don't
> have it with me right now.  Let me know if you need it and I will
endeavour
> to get it to you.
>
> I did adjust the following in the getPsinfo function:
>     from    FILE* fileinfo;
>     to    FILE *fileinfo;
> I assume that was simply a typo. The change didn't help or seem to effect
> anything.  I also made sure that every fopen had an fclose; I thought that
> maybe there were too many files open or something like that.  Maybe there
is
> still something in this as it was quite late when I packed it in last
night.
>
> The Makefile in the attached source has a DEBUG entry added to the CFLAGS
> line, so it always makes the debug version for now.  My 'do_conf' doesn't
> include the MD5 directory, however, it uses the found OpenSSL libraries
and
> thus the configure defines USE_MD5.
>
> AndrewM
>
> Andrew McGlashan AACS
> Director
>
> Mobile: 04 2574 1827
>
> Affinity Vision Australia Pty Ltd
> ABN 91 099 273 855
>
> This message contains privileged and confidential information intended
only
> for the use of the addressee named above. If you are not the intended
> recipient of this message you are hereby notified that you must not
> disseminate, copy or take any action in reliance on it.  If you have
> received this message in error please notify Affinity Vision Australia Pty
> Ltd at ae...@bi...  Any views expressed in this message are those of
the
> individual sender, except where the sender specifically states them to be
> the views of Affinity Vision Australia Pty Ltd
>
> ----- Original Message -----
> From: <And...@se...>
> To: <ae...@bi...>
> Sent: Thursday, May 09, 2002 1:12 AM
> Subject: SEWL passwdsecure -- other note
>
>
> >
> > The following statement fails consistently for unknown reasons.....,
> > but only after so many reads...
> >
> > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> > fileinfo);
> >
> >
> > Checking file types / sizes...
> >
> > int      sizeRead         /* always 336 if successful */
> > int      sizeReadTotal    /* always 0 */
> >
> >
> > unsigned char buf[sizeof(psinfo_t)]
> >
>
>
>
****************************************************************************
*******
> The information in this e-mail message and any files transmitted with it
> are intended to be confidential and for the use of only the individual or
> entity to whom they are addressed. The message and files may be
> protected by legal professional privilege, or other legal rules. The
> confidentiality of and privilege applying to this message and
> files is not waived if this message or files has been sent to you by
mistake.
> If the reader of this message or files is not the intended recipient, you
are
> notified that retention, distribution or copying of this message and files
are
> strictly prohibited.  If you receive this message or files in error,
please
> notify us immediately by telephone or return e-mail and delete all copies
> from your computer system. It is the recipient's responsibility to check
this
> message and files for viruses.
>
> Thank you.
>
****************************************************************************
*******
>

*******************************************************
PLEASE NOTE: This internet email message
has been checked for viruses and appropriate
content to ensure it complies with TABCORP's
electronic communication policy.
*******************************************************

***********************************************************************************
The information in this e-mail message and any files transmitted with it 
are intended to be confidential and for the use of only the individual or 
entity to whom they are addressed. The message and files may be
protected by legal professional privilege, or other legal rules. The 
confidentiality of and privilege applying to this message and 
files is not waived if this message or files has been sent to you by mistake. 
If the reader of this message or files is not the intended recipient, you are 
notified that retention, distribution or copying of this message and files are 
strictly prohibited.  If you receive this message or files in error, please 
notify us immediately by telephone or return e-mail and delete all copies 
from your computer system. It is the recipient's responsibility to check this 
message and files for viruses.

Thank you.
***********************************************************************************