Bounty program for improvements to Tcl and certain Tcl packages.

Artifact ID: f7b030c59243865bd603340a5e7f5778b95e75329c0281532a78d9c0094fcc5c
Ticket: fa1e4e0e6c6fa1e68188b594f357f39e7af976d6
wrong index calculation in tclhttpd Passgen_Salt
User & Date: anonymous 2020-03-26 11:22:00

  1. Change foundin to "4.0"
  2. Change icomment to:

    The crypt command used in tclhttpd requires a 2 characters salt but sometimes Passgen_Salt generates a shorter salt caused by a wrong random index calculation and crypt thows an error.

    How to reproduce:

    while {1} { set salt [Passgen_Salt] if {[string length $salt] < 2} { puts "salt=$salt" crypt "password" $salt } }

    The problemi is caused by [expr round(rand()*$slen)] which sometimes calculates an index equal to the length of the salt string so that [string index $saltstr $index] = "".

    To fix the problem we need to replace round() with int() in passgen.tcl:Passgen_Salt:

    proc Passgen_Salt {} { global passgen set slen [string len $passgen(saltstr)] return "[string index $passgen(saltstr) [expr {int(rand()*$slen)}]][string index $passgen(saltstr) [expr {int(rand()*$slen)}]]" }

  3. Change login to "anonymous"
  4. Change mimetype to "text/x-fossil-plain"
  5. Change private_contact to "906425e3591abc7243c4f379097280af643e594c"
  6. Change severity to "Important"
  7. Change status to "Open"
  8. Change title to "wrong index calculation in tclhttpd Passgen_Salt"
  9. Change type to "Code_Defect"