Bug 193355 - OPIE may not generate passwds from the dictionary correctly
Status: Closed Not A Bug
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 10.0-RELEASE
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2014-09-05 23:18 UTC by Dan Turner
Modified: 2014-09-06 07:56 UTC
Description Dan Turner 2014-09-05 23:18:00 UTC
contrib/opie/libopie/btoe.c contains a dictionary, Wp. Wp is _not_ sorted lexicographically. For instance, "YOU" is immediately before "ABED", line .

The function wsrch (impl. starts at line 2203) implements a binary search over Wp, using strncmp as the comparison method. The call strncmp uses lexicographic ordering, in which "ABED" is considered to be less than "YOU".

Unfortunately, this dictionary is from RFC 2289 & RFC 1760, and is specified in this order. As such, I don't know how modifying this dictionary order (or the search order) would behave in relation to these standards.

I cannot spot any location where Wp is being sorted prior to being used, but I also have not produced a proof-of-concept that fails or returns the wrong value. This code looks suspicious to me, though, as I think the preconditions of the binary search are being violated.
Comment 1 Andrey A. Chernov freebsd_committer 2014-09-06 01:35:45 UTC
Start/end of Wp depends on word length:

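    if (l < 4) {
      /* words shorter than 4 letters: search Wp[0..570] only */
      low = 0;
      high = 570;
    } else {
      /* 4-letter words: search Wp[571..2047] only */
      low = 571;
      high = 2047;
    }
    if ((v = wsrch(word, low, high)) < 0) {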
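
The following is an added example, not code from btoe.c or from anyone in this thread: it uses a constructed eight-word dictionary with the same two-segment layout to show that each length-selected range meets the binary-search precondition the report questions, while a search over the whole array does not. The names DICT, search_range, range_sorted and lookup, and the bounds 3 and 7, are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>
/* Constructed miniature dictionary laid out like Wp: 1-3 letter words
 * sorted first, then 4-letter words sorted. Not the RFC 2289 word list. */
static const char *const DICT[] = {
    "A", "ACT", "BE", "YOU",        /* short segment, indices 0..3 */
    "ABED", "ABEL", "BAKE", "YOKE"  /* long segment, indices 4..7 */
};
enum { SHORT_LAST = 3, DICT_LAST = 7 }; /* stand-ins for 570 and 2047 */

/* Plain binary search over DICT[low..high] using strncmp (hypothetical). */
static int search_range(const char *w, int low, int high)
{
    while (low <= high) {
        int mid = low + (high - low) / 2;
        int c = strncmp(w, DICT[mid], 4);
        if (c == 0)
            return mid;
        if (c < 0) high = mid - 1;
        else       low = mid + 1;
    }
    return -1;
}

/* Precondition check: is DICT[low..high] strictly ascending? */
static int range_sorted(int low, int high)
{
    for (int i = low; i < high; i++)
        if (strncmp(DICT[i], DICT[i + 1], 4) >= 0)
            return 0;
    return 1;
}

/* Bounds chosen by word length, following the excerpt in Comment 1. */
static int lookup(const char *w)
{
    size_t l = strlen(w);
    if (l < 1 || l > 4)   /* this toy dictionary holds 1-4 letter words */
        return -1;
    return l < 4 ? search_range(w, 0, SHORT_LAST)
                 : search_range(w, SHORT_LAST + 1, DICT_LAST);
}

int main(void)
{
    printf("sorted as a whole: %d; lookup(ABED) = %d; unsegmented = %d\n",
           range_sorted(0, DICT_LAST), lookup("ABED"),
           search_range("ABED", 0, DICT_LAST));
    return 0;
}
```
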
Comment 2 Dan Turner 2014-09-06 07:56:46 UTC
Thanks for your time :-)

I did ask in irc if I was missing anything so obvious!