EasyCwmp

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000132easycwmp[All Projects] Bugpublic2016-05-02 23:222016-05-10 23:36
Reporternriedel 
Assigned Tomohamed.kallel 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionno change required 
PlatformOSOS Version
Summary0000132: Nonce private key not properly initialized
DescriptionIn the function http_digest_init_nonce_priv_key() in digestauth.c, the NONCE_PRIV_KEY[] array is initialized from /dev/urandom, but then the results are overwritten with what is effectively a fixed string:

    char *possible = STRING_POSSIBLE;
    int dev_random = open("/dev/urandom", O_RDONLY);
    int result = read(dev_random, NONCE_PRIV_KEY, sizeof(NONCE_PRIV_KEY) - 1);
    for(i = 0; i < (sizeof(NONCE_PRIV_KEY) - 1); i++) {
        NONCE_PRIV_KEY[i] = possible[NONCE_PRIV_KEY[i] % (sizeof(STRING_POSSIBLE) - 1)];
    }

Should we check result here and execute the for loop only if the result indicates a failure?


Steps To ReproduceCode inspection.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0000428)
mohamed.kallel (manager)
2016-05-03 12:55

No, the behaviour is correct.

The goal is to generate a NONCE_PRIV_KEY[] array containing only charchters from the following list "abcdefghijkl0123456789mnopqrstuvwxyz" (POSIIBLE_STRING).

The read(dev_random, NONCE_PRIV_KEY, sizeof(NONCE_PRIV_KEY) - 1) fill the array NONCE_PRIV_KEY[] with charachter out of "abcdefghijkl0123456789mnopqrstuvwxyz"

- Issue History
Date Modified Username Field Change
2016-05-02 23:22 nriedel New Issue
2016-05-03 12:55 mohamed.kallel Note Added: 0000428
2016-05-10 23:36 mohamed.kallel Status new => resolved
2016-05-10 23:36 mohamed.kallel Resolution open => no change required
2016-05-10 23:36 mohamed.kallel Assigned To => mohamed.kallel


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker