Attachment 571739 Details for Bug 805551 – preliminary patch to fix the flaw

[patch] preliminary patch to fix the flaw

keystone_diablo_large_password_crash.patch.txt (text/plain), 3.15 KB, created by Vincent Danen on 2012-03-21 15:18:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Vincent Danen

Created: 2012-03-21 15:18:31 UTC

Size: 3.15 KB

patch

obsolete

>diff --git a/.mailmap b/.mailmap
>index 0e68e30..3a6c394 100644
>--- a/.mailmap
>+++ b/.mailmap
>@@ -1,3 +1,4 @@
>+<dprince@redhat.com> <dan.prince@rackspace.com>
> <dolph.mathews@rackspace.com> <dolph.mathews@gmail.com>
> <jeblair@hp.com> <corvus@gnu.org>
> <jeblair@hp.com> <james.blair@rackspace.com>
>diff --git a/AUTHORS b/AUTHORS
>index cad5c2b..84027e5 100644
>--- a/AUTHORS
>+++ b/AUTHORS
>@@ -3,7 +3,7 @@ Alex Silva <alex.silva@M1BPAGY.(none)>
> Anne Gentle <anne@openstack.org>
> Anthony Young <sleepsonthefloor@gmail.com>
> Brian Lamar <brian.lamar@gmail.com>
>-Dan Prince <dan.prince@rackspace.com>
>+Dan Prince <dprince@redhat.com>
> Dolph Mathews <dolph.mathews@gmail.com>
> gholt <gholt@brim.net>
> jabdul <abdulkader.j@hcl.com>
>diff --git a/keystone/backends/backendutils.py b/keystone/backends/backendutils.py
>index 02970b3..54dd496 100644
>--- a/keystone/backends/backendutils.py
>+++ b/keystone/backends/backendutils.py
>@@ -2,6 +2,8 @@ from keystone.backends import models
> import keystone.backends as backends
> from passlib.hash import sha512_crypt as sc
> 
>+MAX_PASSWORD_LENGTH = 4096
>+
> 
> def __get_hashed_password(password):
>     if password != None and len(password) > 0:
>@@ -28,6 +30,8 @@ def check_password(raw_password, enc_password):
>     if not raw_password:
>         return False
>     if backends.SHOULD_HASH_PASSWORD:
>+        if len(raw_password) > MAX_PASSWORD_LENGTH:
>+            raw_password = raw_password[:MAX_PASSWORD_LENGTH]
>         return sc.verify(raw_password, enc_password)
>     else:
>         return enc_password == raw_password
>@@ -39,6 +43,8 @@ def __make_password(raw_password):
>     """
>     if raw_password is None:
>         return None
>+    if len(raw_password) > MAX_PASSWORD_LENGTH:
>+        raw_password = raw_password[:MAX_PASSWORD_LENGTH]
>     hsh = __get_hexdigest(raw_password)
>     return '%s' % (hsh)
> 
>diff --git a/keystone/test/unit/test_backendutils.py b/keystone/test/unit/test_backendutils.py
>new file mode 100644
>index 0000000..c90a47f
>--- /dev/null
>+++ b/keystone/test/unit/test_backendutils.py
>@@ -0,0 +1,33 @@
>+# vim: tabstop=4 shiftwidth=4 softtabstop=4
>+# Copyright (c) 2010-2011 OpenStack, LLC.
>+#
>+# Licensed under the Apache License, Version 2.0 (the "License");
>+# you may not use this file except in compliance with the License.
>+# You may obtain a copy of the License at
>+#
>+#    http://www.apache.org/licenses/LICENSE-2.0
>+#
>+# Unless required by applicable law or agreed to in writing, software
>+# distributed under the License is distributed on an "AS IS" BASIS,
>+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>+# implied.
>+# See the License for the specific language governing permissions and
>+# limitations under the License.
>+
>+
>+import unittest2 as unittest
>+import keystone.backends.backendutils as backendutils
>+import keystone.backends as backends
>+
>+
>+class BackendUtilsTest(unittest.TestCase):
>+
>+    def setUp(self):
>+        backends.SHOULD_HASH_PASSWORD = True
>+
>+    def test_check_long_password(self):
>+        bigboy = '0' * 9999999
>+        values = {'password': bigboy}
>+        backendutils.set_hashed_password(values)
>+        hashed_pw = values['password']
>+        self.assertTrue(backendutils.check_password(bigboy, hashed_pw))

Actions: View | Diff

Attachments on bug 805551: 571739