| Ticket UUID: | 861f53ff24c0a5c23306db9f5118d790a4cd3ec0 | |||
| Title: | md5_bin is used from SASL::SCRAM | |||
| Type: | Patch | Version: | ||
| Submitter: | anonymous | Created on: | 2014-01-13 06:53:01 | |
| Subsystem: | sasl | Assigned To: | aku | |
| Priority: | 5 Medium | Severity: | Important | |
| Status: | Closed | Last Modified: | 2014-01-21 17:29:30 | |
| Resolution: | Fixed | Closed By: | aku | |
| Closed on: | 2014-01-21 17:29:30 | |||
| Description: |
Hi!
SASL::SCRAM package uses [SASL::CreateNonce] to generate a random string, and it doesn't work well if /dev/urandom is not available, because it tries to call md5_bin and fails because md5_init wasn't called.
I'd like to propose the following patch to SASL.tcl (I've made it for an AS distribution, so the line numbers and filename are a bit off):
--- SASL-1.3.2.tm.orig Mon Nov 26 15:27:07 2012
+++ SASL-1.3.2.tm Mon Jan 13 10:46:51 2014
@@ -636,6 +636,7 @@
}
}
if {[string length $bytes] < 1} {
+ md5_init
set bytes [md5_bin [clock seconds]:[pid]:[expr {rand()}]]
}
return [binary scan $bytes h* r; set r]
| |||
| User Comments: |
aku added on 2014-01-21 17:29:30:
Fix in revision [8175173735]. Committed. Pushed. Thank you for the report, and patch. aku added on 2014-01-21 17:22:24: Yes, that looks right. Will apply. (Should add tests for CreateNonce, if that is a public command). | |||
Home
Blog
Docs
Downloads
Tickets
Timeline
Branches
Tags
Wiki