Overview

Artifact ID: f7b030c59243865bd603340a5e7f5778b95e75329c0281532a78d9c0094fcc5c
Ticket: fa1e4e0e6c6fa1e68188b594f357f39e7af976d6
wrong index calculation in tclhttpd Passgen_Salt
User & Date: anonymous 2020-03-26 11:22:00
Changes

  1. foundin changed to: "4.0"
  2. icomment:
    The crypt command used in tclhttpd requires a 2-character salt, but sometimes Passgen_Salt generates a shorter salt, caused by a wrong random index calculation, and crypt throws an error.
    
    How to reproduce:
    
    while {1} {
        set salt [Passgen_Salt]
        if {[string length $salt] < 2} {
            puts "salt=$salt"
            crypt "password" $salt
        }
    }
    
    The problem is caused by [expr round(rand()*$slen)] which sometimes calculates an index equal to the length of the salt string so that [string index $saltstr $index] = "".
    
    To fix the problem we need to replace round() with int() in passgen.tcl:Passgen_Salt:
    
    proc Passgen_Salt {} {
        global passgen
        set slen [string len $passgen(saltstr)]
        return "[string index $passgen(saltstr) [expr {int(rand()*$slen)}]][string index $passgen(saltstr) [expr {int(rand()*$slen)}]]"
    }
    
  3. login: "anonymous"
  4. mimetype: "text/x-fossil-plain"
  5. private_contact changed to: "906425e3591abc7243c4f379097280af643e594c"
  6. severity changed to: "Important"
  7. status changed to: "Open"
  8. title changed to: "wrong index calculation in tclhttpd Passgen_Salt"
  9. type changed to: "Code_Defect"
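
Added example, not part of the ticket or of tclhttpd: a deterministic sweep that measures how often each index expression lands past the end of the salt string, and what that means for a two-character salt. The 64-character `saltstr` and the `pick_index` helper are assumptions made for illustration; the ticket does not show the value passgen.tcl uses.

```tcl
# Added example, requires Tcl 8.5 or later. saltstr is an ASSUMED 64-character
# crypt alphabet; the value used by passgen.tcl is not shown in the ticket.
set saltstr "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
set slen [string length $saltstr]

# Hypothetical helper: index selection as reported (round) and as proposed (int).
proc pick_index {mode r slen} {
    if {$mode eq "round"} {
        return [expr {round($r * $slen)}]
    }
    return [expr {int($r * $slen)}]
}

# Sweep r evenly through [0,1) instead of sampling rand(), so the result is
# deterministic. rand() never returns 1.0, and neither does this sweep.
set steps [expr {$slen * 1000}]
foreach mode {round int} {
    array unset hits
    set empty 0
    for {set i 0} {$i < $steps} {incr i} {
        set r [expr {double($i) / $steps}]
        set idx [pick_index $mode $r $slen]
        # An index equal to slen is past the end: string index returns "".
        if {[string index $saltstr $idx] eq ""} { incr empty }
        incr hits($idx)
    }
    set p [expr {double($empty) / $steps}]
    # A salt is short when either of its two characters comes back empty.
    set pshort [expr {1.0 - (1.0 - $p) ** 2}]
    puts [format "%-5s empty-char=%.4f short-salt=%.4f hits(0)=%d hits(1)=%d" \
        $mode $p $pshort $hits(0) $hits(1)]
}
```

With round(), the half-width interval at the top of the range maps to index slen, so each character is empty with probability 1/(2*slen), and index 0 is chosen half as often as the other indices; int() removes both effects.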