View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000132 | easycwmp | Bug | public | 2016-05-02 23:22 | 2016-05-10 23:36 |
Reporter | nriedel | Assigned To | mohamed.kallel | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | no change required | ||
Summary | 0000132: Nonce private key not properly initialized | ||||
Description | In the function http_digest_init_nonce_priv_key() in digestauth.c, the NONCE_PRIV_KEY[] array is initialized from /dev/urandom, but then the results are overwritten with what is effectively a fixed string: char *possible = STRING_POSSIBLE; int dev_random = open("/dev/urandom", O_RDONLY); int result = read(dev_random, NONCE_PRIV_KEY, sizeof(NONCE_PRIV_KEY) - 1); for(i = 0; i < (sizeof(NONCE_PRIV_KEY) - 1); i++) { NONCE_PRIV_KEY[i] = possible[NONCE_PRIV_KEY[i] % (sizeof(STRING_POSSIBLE) - 1)]; } Should we check result here and execute the for loop only if the result indicates a failure? | ||||
Steps To Reproduce | Code inspection. | ||||
Tags | No tags attached. | ||||
e-mail notification | |||||
|
No, the behaviour is correct. The goal is to generate a NONCE_PRIV_KEY[] array containing only charchters from the following list "abcdefghijkl0123456789mnopqrstuvwxyz" (POSIIBLE_STRING). The read(dev_random, NONCE_PRIV_KEY, sizeof(NONCE_PRIV_KEY) - 1) fill the array NONCE_PRIV_KEY[] with charachter out of "abcdefghijkl0123456789mnopqrstuvwxyz" |
Date Modified | Username | Field | Change |
---|---|---|---|
2016-05-02 23:22 | nriedel | New Issue | |
2016-05-03 12:55 | mohamed.kallel | Note Added: 0000428 | |
2016-05-10 23:36 | mohamed.kallel | Status | new => resolved |
2016-05-10 23:36 | mohamed.kallel | Resolution | open => no change required |
2016-05-10 23:36 | mohamed.kallel | Assigned To | => mohamed.kallel |