If an external caller invokes the method Crypt::RandPasswd->random_chars_in_range(), Perl prepends the object name to the function's argument list. This causes the local variables $minlen, $maxlen, $lo_char, and $hi_char to be set incorrectly ($minlen is set to the object name, $maxlen is set to what should have been the minimum length, $lo_char is set to what should have been the maximum length, and $hi_char is set to what should have been the first character in the given range), so that the method returns an incorrect result. When random_chars_in_range() is called from within the module (e.g., by the letters() method), Perl does not modify the argument list, so the random_chars_in_range() method works as documented.

Fix: Apply this patch to the Crypt::RandPasswd sources, which, in random_chars_in_range(), adds a check to the argument list length prior to parsing, and if it is greater than 4 items, shifts the list down by one:

sub random_chars_in_range($$$$) { + @_ > 4 and shift; my( $minlen, $maxlen, $lo_char, $hi_char ) = @_; $minlen <= $maxlen or die "minlen $minlen is greater than maxlen $maxlen";
--- Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm.orig 2011-01-20 15:12:21.305822700 -0500 +++ Crypt-RandPasswd-0.02/lib/Crypt/RandPasswd.pm 2011-01-21 10:55:30.872462500 -0500 @@ -1466,6 +1466,7 @@ =cut

How-To-Repeat: These two commands should have an equivalent result (32 random lower-case letters):

perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->letters(32,32),"\n";'
perl -MCrypt::RandPasswd -e 'print Crypt::RandPasswd->random_chars_in_range(32,32, "a" => "z"),"\n";'

However, the second command will result in a random string from zero to 32 characters long taken from the set ASCII code 32 (space) through the letter "a".
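Review bot: the added `@_ > 4 and shift;` at the top of random_chars_in_range() carries no comment saying that the value it discards is the invocant from a method-style call, and it infers that from the argument count alone, so it only stays correct while the parameter list on the next line has exactly four entries. A short comment plus a test on the first argument itself (for example `shift if @_ && $_[0] eq __PACKAGE__;`) would state the intent and survive a later change to the parameter list. The POD that ends at the `=cut` context line could also say that both call styles are accepted.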
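The argument shift described in the report, reproduced as an added example (not code from Crypt::RandPasswd or from the port): the package Demo::RandChars and its subs parse_unpatched, parse_patched and validate are hypothetical stand-ins that model only the argument handling. The validate step is an assumed hardening, not part of the PR, showing how strict checks turn the silent mis-binding into an explicit error.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in package; only the argument handling is modelled.
package Demo::RandChars;

# Parsing as in the unpatched sub: assumes a plain function call.
sub parse_unpatched {
    my ( $minlen, $maxlen, $lo_char, $hi_char ) = @_;
    return { minlen => $minlen, maxlen => $maxlen, lo => $lo_char, hi => $hi_char };
}

# Parsing with the check from the PR: a fifth argument is taken to be the invocant.
sub parse_patched {
    @_ > 4 and shift;
    my ( $minlen, $maxlen, $lo_char, $hi_char ) = @_;
    return { minlen => $minlen, maxlen => $maxlen, lo => $lo_char, hi => $hi_char };
}

# Assumed hardening (not in the PR): reject anything that is not a sane range
# instead of letting a class name numify to 0 in the length comparison.
sub validate {
    my ($p) = @_;
    for my $k (qw(minlen maxlen)) {
        my $v = $p->{$k} // '';
        return "bad $k '$v'" unless $v =~ /\A[0-9]+\z/;
    }
    for my $k (qw(lo hi)) {
        my $v = $p->{$k} // '';
        return "bad $k '$v'" unless length($v) == 1;
    }
    return 'minlen > maxlen' if $p->{minlen} > $p->{maxlen};
    return 'lo > hi'         if $p->{lo} gt $p->{hi};
    return 'ok';
}

package main;

my @args  = ( 32, 32, 'a', 'z' );    # constructed input, same values as the report
my @cases = (
    [ 'function, unpatched', Demo::RandChars::parse_unpatched(@args) ],
    [ 'method, unpatched',   Demo::RandChars->parse_unpatched(@args) ],
    [ 'method, patched',     Demo::RandChars->parse_patched(@args) ],
    [ 'function, patched',   Demo::RandChars::parse_patched(@args) ],
);
for my $case (@cases) {
    my ( $label, $p ) = @$case;
    printf "%-20s minlen=%s maxlen=%s lo=%s hi=%s => %s\n",
        $label, @{$p}{qw(minlen maxlen lo hi)}, Demo::RandChars::validate($p);
}
```

In the unpatched method call, minlen is bound to the class name, which Perl numifies to 0 in a check such as `$minlen <= $maxlen`, consistent with the zero-to-32-character output the report describes.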
Responsible Changed From-To: freebsd-ports-bugs->skreuzer Over to maintainer (via the GNATS Auto Assign Tool)
I sent an email to the original author of the perl module to let him know about the bug and it's been over 2 months and I have not heard back. I don't really think we should maintain patches for bugs in a port that will affect users on other platforms. Ideally they should be sent back upstream to the maintainer but in this case, it looks like this module may no longer be maintained. Maybe it would make sense to fork this module, and bump the version number and then update the port.
skreuzer 2011-08-19 21:48:14 UTC

FreeBSD ports repository

Modified files: security/p5-Crypt-RandPasswd Makefile
Added files: security/p5-Crypt-RandPasswd/files patch-lib-Crypt-RandPasswd.pm

Log: Fix issue where if an external caller invokes the method Crypt::RandPasswd->random_chars_in_range(), Perl prepends the object name to the function's argument list. This causes the local variables $minlen, $maxlen, $lo_char, and $hi_char to be set incorrectly ($minlen is set to the object name, $maxlen is set to what should have been the minimum length, $lo_char is set to what should have been the maximum length, and $hi_char is set to what should have been the first character in the given range), so that the method returns an incorrect result.

PR: ports/154207
Submitted by: Matthew X. Economou <xenophon+fbsdports@irtnog.org>

Revision Changes Path
1.12 +1 -0 ports/security/p5-Crypt-RandPasswd/Makefile
1.1 +10 -0 ports/security/p5-Crypt-RandPasswd/files/patch-lib-Crypt-RandPasswd.pm (new)
State Changed From-To: open->closed I tried working with the upstream provider to no avail. I am going to include this patch and hope it gets included in newer versions of the module