Re: Potential bug in win32 binary version?
From: Daniel Armyr
Subject: Re: Potential bug in win32 binary version?
Date: Sat, 12 Jan 2008 10:38:19 +0100
Actually, I didn't build it myself. I used the version from the Vortex
Project, because I don't have a MingW environment set up on my computer.
--DA
On Fri, 11 Jan 2008 17:05:27 +0100
Simon Josefsson <address@hidden> wrote:
> "Daniel Armyr" <address@hidden> writes:
>
> > Hi.
> > I attempted to secure an existing win32 program by adding gsasl as
> > the authentication process. Everything works fine, but we suddenly
> > realized that the challenge strings are always identical. Is this
> > a known bug?
> >
> > Here is a sample code snippet to show the problem:
> >
> > char password[40];
> > Gsasl *ctx;
> > Gsasl_session *session;
> > char *p;
> >
> > gsasl_init (&ctx);
> > gsasl_server_start (ctx, "CRAM-MD5", &session);
> > gsasl_property_set (session, GSASL_AUTHID, "admin");
> > gsasl_property_set (session, GSASL_PASSWORD, password);
> > gsasl_step64 (session, "", &p);
> >
> > In this case, p is always exactly the same string every time.
> > Anyone see the problem?
>
> Hi! Thanks for the report. Did you link gsasl with libgcrypt?
> Otherwise, gsasl will read the nonce from /dev/random which probably
> doesn't exist on win32. You should have seen a warning
> from ./configure when you built gsasl.
>
> This seems like a serious problem, and we should make sure it can't
> happen. The code in the CRAM-MD5 server doesn't check the return
> value from the randomness-function. Fixing that would be the first
> step. A self-test to test whether two challenges are different
> should be added too.
>
> Thanks,
> /Simon
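
The failure mode described in the quoted reply (an unchecked return value from the randomness function) and the proposed self-test, as an added C example that is not gsasl code. It is a simplified model: all function names are hypothetical, the challenge format is simplified, and a constructed nonexistent path stands in for the missing /dev/random.

```c
/* Added illustration, not gsasl source; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>
#define NONCE_LEN 8

/* Read NONCE_LEN random bytes from src; 0 on success, -1 on any failure. */
static int read_nonce(const char *src, unsigned char *buf) {
    FILE *f = fopen(src, "rb");      /* fails where the device is absent */
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, NONCE_LEN, f);
    fclose(f);
    return got == (size_t)NONCE_LEN ? 0 : -1;
}

/* Simplified challenge "<hex nonce@host>"; out needs at least 64 bytes. */
static void format_challenge(const unsigned char *nonce, char *out) {
    char *p = out + sprintf(out, "<");
    for (int i = 0; i < NONCE_LEN; i++) p += sprintf(p, "%02x", nonce[i]);
    strcpy(p, "@example.invalid>");
}

/* Return value ignored: on failure the zeroed buffer becomes the "nonce". */
static int challenge_unchecked(const char *src, char *out) {
    unsigned char nonce[NONCE_LEN] = {0};
    read_nonce(src, nonce);
    format_challenge(nonce, out);
    return 0;
}

/* Return value checked: no randomness means no challenge is issued. */
static int challenge_checked(const char *src, char *out) {
    unsigned char nonce[NONCE_LEN];
    if (read_nonce(src, nonce) != 0) return -1;
    format_challenge(nonce, out);
    return 0;
}

/* Self-test: 0 = two challenges differ, 1 = identical, -1 = generation failed. */
static int selftest_distinct(int (*fn)(const char *, char *), const char *src) {
    char a[64], b[64];
    if (fn(src, a) != 0 || fn(src, b) != 0) return -1;
    return strcmp(a, b) == 0 ? 1 : 0;
}

int main(void) {   /* "/no/such/rng" is a constructed path that does not exist */
    printf("unchecked: %d\n", selftest_distinct(challenge_unchecked, "/no/such/rng"));
    printf("checked:   %d\n", selftest_distinct(challenge_checked, "/no/such/rng"));
    return 0;
}
```

With the random source missing, the unchecked variant reports identical challenges (1), while the checked variant refuses to issue one (-1).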