Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 04 May 2012 10:08:53 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Solar Designer <solar@...nwall.com>
Subject: Re: Debian/Ubuntu php_crypt_revamped.patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I'm guessing this needs a CVE #?

On 05/04/2012 09:31 AM, Solar Designer wrote:
> Hi,
> 
> Boaz Rymland reported to me what he thought was a phpass bug, where
> any password would be valid when authenticated against a NULL or
> empty password hash.  (Indeed, the password hash shouldn't normally
> be NULL or empty, but it is better for authentication code to be
> fail-close rather than fail-open.)  At first, I was not able to
> reproduce the problem, but after exchanging a few e-mails we were
> able to narrow it down to PHP crypt() call returning an empty
> string when called with NULL or an empty string for the salt
> argument on Boaz' Ubuntu 11.04 system with php5 5.3.5-1ubuntu7.7.
> I was still not able to reproduce that on other systems (with other
> versions of PHP).
> 
> Today, I downloaded and built clean PHP 5.3.5 on an Owl system. I
> still could not trigger the problem.  Then I applied 
> debian/patches/php_crypt_revamped.patch from Debian's 
> php5_5.3.5-1.diff.gz - and the problem finally appeared.
> 
> Original:
> 
> php@...:~ $ ~/php-5.3.5/bin/php -r 'echo crypt("pass", null),
> "\n";' $1$l5Nwx5hu$NhostJ7i8jP1B.4C4zaiM78.
> 
> With Debian patch:
> 
> php@...:~ $ ~/php-5.3.5-debian/bin/php -r 'echo crypt("pass",
> null), "\n";'
> 
> php@...:~ $
> 
> (empty string was printed).
> 
> It turns out that the patch first appeared in Debian's 5.3.2-1 in 
> response to almost a non-issue (different behavior across PHP
> versions for an invalid salt string) and general feeling that PHP
> should be using system-provided crypto instead of its bundled code
> when possible (questionable to me: each approach has its pros and
> cons):
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572601
> 
> The handling of NULL/empty salt strings was corrected in 5.3.6-1,
> as well as in 5.3.3-7+squeeze4 (stable-security):
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170
> 
> Apparently, that fix never made it into Ubuntu 11.04 updates - so
> I guess this should happen now.
> 
> Overall, the patch looks problematic to me.  Here's another problem
> with it, still reproducible on 5.3.10-1ubuntu3 (Ubuntu 12.04):
> 
> user@...ntu:~$ php -r 'echo crypt("pass", "_J9..Salt"), "\n";' 
> _J9..Saltr2Hq6I3ZH0s user@...ntu:~$ php -r 'echo crypt("pass",
> "_J9..Saltr2Hq6I3ZH0s"), "\n";' _J0LlWX63dRZg
> 
> That non-security bug is with the "salt_len == 9" check added with
> the patch.  So phpass' authentication against CRYPT_EXT_DES hashes,
> which it tries to support, would be failing on Debian/Ubuntu
> systems.  I guess I need to introduce a workaround for it now,
> complicating the code. :-(
> 
> I think it may be best to drop this patch from further versions of 
> Debian/Ubuntu - and not reintroduce it even in response to the
> likely "bug" reports from Debian users complaining about the
> behavior change from previous versions of Debian.
> 
> I agree that the code in upstream PHP may need improvement, but
> that patch does not improve it, and the deviation from upstream is
> bad. Altering the behavior of PHP on specific distros beyond what
> may normally happen due to PHP's ./configure is undesirable and
> should only be done for very good reasons.
> 
> Sorry for the rant.
> 
> Alexander


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPo/8VAAoJEBYNRVNeJnmTQyoP/jQqdJ6VeZe5cCcjElPQt5AN
37zVkxkY0x5TZLhrrlWmuTGfeYKe9JitWlntQ8Ju9gaTcX6/pzRqRD7pmYkRyV2Q
3hYXd+wMgirNxA+AjgePa+MqQBStpcg4mBeRcUx6fUjVzSLSYMlPgUKABXoEuDFM
1kpYdz+1DTQlmSaV+SCQ11KUfIisNVJl1DzJrlneu27JrKbjf8TDLoxi4yuJyXNL
ZEG+aUQtpo9H+oAP8UnAP2iUlvAKpAqdf44vyBRLHMs0DW8zTCYhINg6TNZXokne
KzJ58tmGcW39nCC4BgYTK0C28ZsI7i1XGk+3ABuVMngFaDz8wXBRfx0Ht++TKED3
zMkzeKeyKYfU8XSO6xt6aOUbXW2wLu5JAevdO/Bhe0aTvZJtHiFL2ocI8tyJN8Av
9Ru66u8vD3hDslkn676MvZTIlrlR/gtBTOFHnjl233zaMERakH2ktxWgobr9qU2i
9yN9ZYEUXVZv5wlJEK48c0pd337/gcDdcbGF4bFQ2AqfBt6RX+LKdgpxKH/9DztU
YWA8sKu9yQ0UJ+PWLroDcoo92Q1XxmNN9LM5+4O+QgXnsNgwXo9BdTopfrcuuJr8
OCkxcDt4nayz2aT1VGoid2hY7vQohaS24Yf3NILhx+cUiZDlPM24xpGN1FukWvlq
RjYAtiCy3B7zyNEZBzxl
=XSLr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ