Debian Bug report logs - #677275
passwd: RAND_MAX is for rand() only, and on some systems random() can exceed RAND_MAX

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Igor Pashev <pashev.igor@gmail.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: passwd: RAND_MAX is for rand() only, and on some systems random() can exceed RAND_MAX

Date: Wed, 13 Jun 2012 00:15:53 +0400

Package: passwd
Version: 1:4.1.5.1-1
Severity: wishlist

Dear Maintainer,

function SHA_salt_size() in file libmisc/salt.c uses random() to get random
number and divides it by RAND_MAX.

This is incorrect.

RAND_MAX macro is designed for C standard fucntion rand() (value of the
RAND_MAX macro shall be at least 32767) [1]

But random() returns numbers in the range from 0 to 2^31-1 [2].

So, random()/RAND_MAX could result in a value > 1.

I propose to replace RAND_MAX with LONG_MAX.




[1] http://pubs.opengroup.org/onlinepubs/009695399/functions/rand.html
[2] http://pubs.opengroup.org/onlinepubs/7908799/xsh/initstate.html



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages passwd depends on:
ii  debianutils     4.3.1
ii  libc6           2.13-33
ii  libpam-modules  1.1.3-7.1
ii  libpam0g        1.1.3-7.1
ii  libselinux1     2.1.9-2
ii  libsemanage1    2.1.6-2

passwd recommends no packages.

passwd suggests no packages.

-- no debconf information

Message #10 received at 677275@bugs.debian.org (full text, mbox, reply):

From: Nicolas François <nicolas.francois@centraliens.net>

To: Igor Pashev <pashev.igor@gmail.com>, 677275@bugs.debian.org

Subject: Re: [Pkg-shadow-devel] Bug#677275: passwd: RAND_MAX is for rand() only, and on some systems random() can exceed RAND_MAX

Date: Wed, 13 Jun 2012 01:04:51 +0200

Hello,

On Wed, Jun 13, 2012 at 12:15:53AM +0400, pashev.igor@gmail.com wrote:
> 
> function SHA_salt_size() in file libmisc/salt.c uses random() to get random
> number and divides it by RAND_MAX.
> 
> This is incorrect.
> 
> RAND_MAX macro is designed for C standard fucntion rand() (value of the
> RAND_MAX macro shall be at least 32767) [1]
> 
> But random() returns numbers in the range from 0 to 2^31-1 [2].
> 
> So, random()/RAND_MAX could result in a value > 1.

Theoretically agreed.
The random(3) manpage is misleading here (although no problem on glibc)

> I propose to replace RAND_MAX with LONG_MAX.

This should be 2^31-1, not LONG_MAX.

Best Regards,
-- 
Nekral

Message #15 received at 677275@bugs.debian.org (full text, mbox, reply):

From: Alexander Gattin <xrgtn@yandex.ru>

To: Nicolas François <nicolas.francois@centraliens.net>, 677275@bugs.debian.org

Cc: Igor Pashev <pashev.igor@gmail.com>

Subject: Re: [Pkg-shadow-devel] Bug#677275: passwd: RAND_MAX is for rand() only, and on some systems random() can exceed RAND_MAX

Date: Wed, 13 Jun 2012 11:37:46 +0300

[Message part 1 (text/plain, inline)]

Hello,

On Wed, Jun 13, 2012 at 01:04:51AM +0200, Nicolas
François wrote:
> On Wed, Jun 13, 2012 at 12:15:53AM +0400,
> pashev.igor@gmail.com wrote:
> > But random() returns numbers in the range from
> > 0 to 2^31-1 [2].
> > 
> > So, random()/RAND_MAX could result in a value > 1.
> 
> Theoretically agreed.
> The random(3) manpage is misleading here
> (although no problem on glibc)

HP-UX, Tru64 and SunOS5.9 manpages on random()
don't mention RAND_MAX at all and state that
random() returns an integer from 0 to 2^31-1

The problem here is "on some systems random() can
exceed RAND_MAX". In fact, I'm more interested
about systems where random() cannot exceed
RAND_MAX. Do such systems have RAND_MAX==2^31-1?
Or do they have random() with another range of
possible return values? In the latter case we
should have to check for non-standard random()
in ./configure script.

-- 
With best regards,
xrgtn

[random-hpux.3m.Z (application/octet-stream, attachment)]

[random-tru64.3.gz (application/octet-stream, attachment)]

[random-sunos.3c (text/plain, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #20 received at 677275@bugs.debian.org (full text, mbox, reply):

From: Alexander Gattin <xrgtn@yandex.ru>

To: Nicolas François <nicolas.francois@centraliens.net>, 677275@bugs.debian.org

Cc: Igor Pashev <pashev.igor@gmail.com>

Subject: passwd: RAND_MAX is for rand() only, and on some systems random() can exceed RAND_MAX

Date: Wed, 13 Jun 2012 14:16:56 +0300

[Message part 1 (text/plain, inline)]

The GNU/Linux random(3) manpage says explicitly:
> The random() function returns a value between
> 0 and RAND_MAX

The same is said in GNU libc docs (info libc "BSD
Random"):
> This section describes a set of random number
> generation functions that are derived from BSD.
> There is no advantage to using these functions
> with the GNU C library; we support them for BSD
> compatibility only.
...
> The value returned ranges from `0' to
> `RAND_MAX'.

This doesn't contradict HP-UX, Tru64, Solaris, BSD
and SUS/XPG, because RAND_MAX on GNU/Linux is
defined as 2^31-1:
> /usr/include/stdlib.h:#define   RAND_MAX        2147483647

Probably, we should use RAND_MAX on GNU (both
Linux and Hurd), and 0x7fffffff on all other
systems?

-- 
With best regards,
xrgtn

[signature.asc (application/pgp-signature, inline)]

Message #25 received at 677275@bugs.debian.org (full text, mbox, reply):

From: Nicolas François <nicolas.francois@centraliens.net>

To: Alexander Gattin <xrgtn@yandex.ru>, Igor Pashev <pashev.igor@gmail.com>

Cc: 677275@bugs.debian.org

Subject: Re: Bug#677275: passwd: RAND_MAX is for rand() only, and on some systems random() can exceed RAND_MAX

Date: Mon, 5 Aug 2013 14:26:56 +0200

[Message part 1 (text/plain, inline)]

Hello,

On Wed, Jun 13, 2012 at 02:16:56PM +0300, Alexander Gattin wrote:
> 
> Probably, we should use RAND_MAX on GNU (both
> Linux and Hurd), and 0x7fffffff on all other
> systems?

Lets just assume we cannot assume anything.

random() is used to compute the size of salt and number of rounds for SHA
encrypted passwords.

I introduced a RANDOM_MAX set to 0x7FFFFFFF (this seems to be valid for
all the mentioned systems anyway)

If random() returns an higher value, I will use the biggest salt or max
number of rounds.

If random() has a lower max value, I will favor higher numbers by counting
down from the max value instead of adding to the min value.

This will be a flawed random, but will favor the biggest salt with the
highest number of rounds (i.e. when the rainbow tables will be the most
difficult to compute).

I applied the attached patch.

Does it sounds OK to both of you?

Best Regards,
-- 
Nekral

[shadow_debian_677275.patch (text/x-diff, attachment)]

Message #32 received at 677275-close@bugs.debian.org (full text, mbox, reply):

From: Christian Perrier <bubulle@debian.org>

To: 677275-close@bugs.debian.org

Subject: Bug#677275: fixed in shadow 1:4.2-1

Date: Wed, 23 Apr 2014 17:00:09 +0000

Source: shadow
Source-Version: 1:4.2-1

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677275@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 22 Apr 2014 09:01:42 +0200
Source: shadow
Binary: passwd login uidmap
Architecture: source i386
Version: 1:4.2-1
Distribution: experimental
Urgency: low
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
 uidmap     - programs to help use subuids
Closes: 583971 670132 675824 677275 677441 677812 679152 685415 688252 688260 691459 705301 713979 718356 720004 739981 744877
Changes: 
 shadow (1:4.2-1) experimental; urgency=low
 .
   [ Nicolas FRANCOIS (Nekral) ]
   * New upstream release. Fixes:
     - Invalid free() in su fixed by using strdup(). Thanks to Serge
       Hallyn for the patch. Closes: #691459
     - Kill the child process group, rather than just the
       immediate child; this is needed now that su no
       longer starts a controlling terminal when not running an
       interactive shell. Thanks to Colin Watson for the patch.
       Closes: #713979
     - German manpages translation update. Closes: #679152
     - Improve login.defs (typographic errors and better format).
       Closes: #685415
     - Russian translation update. Closes: #718356
     - Do not assume random() is limited by RAND_MAX.  Closes: #677275
     - Support C libraries with unknown fields in struct passwd.
       Closes: #675824
     - su: child cleanup is performed before terminating PAM sessions. This
       avoids anoying "...terminated" messages when PAM module send signal to
       su during session close. Closes: #670132
     - vipw/vigr is checking arguments provided after options. Closes: #677812
     - Updated Japanese translation. Closes: #720004
     - vipw: Fix error reporting when editor fails. Closes: #688260
   * Moved to git: replace Vcs-Git in place of Vcs-Svn and adapt
     Vcs-Browser.
   * Add pam_loginuid to login PAM settings. Closes: #677441
   * passwd.install: add new subuid.5 and subgid.5 manpages
   * debian/rules, debian/control, debian/uidmap.install: create new uidmap
     package containing the new setuid-root binaries newuidmap and newgidmap
     Set uidmap as priority optional.
   * debian/login.su.pam: Enable pam_limits by default. Closes: #705301
   * debian/rules: Set default editor to sensible-editor for vipw.
     Closes: #688252
 .
   [ Micah Anderson ]
   * added debian/patches/userns to enable use of subuids, plus some bugfix
     patches on top of them, patches from Eric Biederman, pulled from
     Ubuntu. Closes: #739981
   * Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux
   * Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
     this default for UPGs. (Closes: #583971)
   * login.postinst: install a default /etc/subuid and /etc/subgid
   * fix installation of setuid/setgid/newuidmap/newgid/map man pages
 .
   [ Laurent Bigonville ]
   * Switch to dpkg-source 3.0 (quilt) format
   * Add build-dependency against bison
   * Call dh-autoreconf since we need to regenerate all the autofoo files
 .
   [ Philippe Grégoire ]
   * Fix 1000_configure_userns to avoid dropping a needed #endif
     Closes: #744877
 .
   [ Christian Perrier ]
   * Bump Standards to 3.9.5 (checked)
   * Use 'set -e' in postinst scripts and not in thei shebang line
   * Explicitly point to GPL-2 document in debian/copyright
Checksums-Sha1: 
 7a953806327d77d1d28afb499638b28a87f7e2b0 2280 shadow_4.2-1.dsc
 77feddc823a42623462d3c3a9a49f2f6cf213ca9 1088696 shadow_4.2.orig.tar.xz
 e06d4161e168239a3892fcd0678ff318d1959f01 89984 shadow_4.2-1.debian.tar.xz
 07a31e6ccbaa6b60655342d5b7d880cd6ec2030a 936356 passwd_4.2-1_i386.deb
 6b6a43007c59294c10d2c93c862378cfd209db15 715258 login_4.2-1_i386.deb
 7596c5534cbbf515a1e76ae9d79f0ef25b99c50a 253058 uidmap_4.2-1_i386.deb
Checksums-Sha256: 
 c261dd9f07facaf28aac9be7428e6261718352e1b614e009d77868d8478064a7 2280 shadow_4.2-1.dsc
 c5bd72c4ecb438b99289e4630b22ea0626987a378d084910dbe59eceaa34be1d 1088696 shadow_4.2.orig.tar.xz
 79334c75ab65c0213ab456676f4202ba8d501c9f5db7b6e854596ea9dd20a857 89984 shadow_4.2-1.debian.tar.xz
 65922e8615fedf7fc1899ecc013c609b2617f364982874faf24d13db98d8b720 936356 passwd_4.2-1_i386.deb
 fbbf62a7a782ed008a0b7db1008bea2c703e78a7f6ccb7fadea914b0b2f19e29 715258 login_4.2-1_i386.deb
 c8de04906b3f69b8868b9847985b510a11b2a0dd727695f2c1d1d0081a74e173 253058 uidmap_4.2-1_i386.deb
Files: 
 544065f3809d01750af0508224f02d85 936356 admin required passwd_4.2-1_i386.deb
 490d08a75d66fed273cc3d45dfbe09dc 715258 admin required login_4.2-1_i386.deb
 e3ebdc013ae2f49974272dbc6d912e4a 253058 admin optional uidmap_4.2-1_i386.deb
 1c3468e3c632e9d1a2d26d417e2c5aff 2280 admin required shadow_4.2-1.dsc
 912a5957c1471acccedbc2a635e36f5e 1088696 admin required shadow_4.2.orig.tar.xz
 da1fcef9574c7cf2b206439e0fbefb57 89984 admin required shadow_4.2-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIVAwUBU1YYC4cvcCxNbiWoAQKhEBAAj4ivr7F76rrS55/IpcwCuuLjNBlH3UZS
j8/+PYjEpY+55+eBgWcw10EP3VGfiCNg/tAGcBCpL7WSmYHH3Bo6OxsBORlIBnR4
aadZz3r1vMsnMfRkvCIKv+samfoRRmO+URWWB02bjlHRqiqnOKfSKMe98HrjUTzX
yOjMWCXn13IzCGy2XofoixSa8zvZ6C8jkA+orY9B0aGzZ2UYqcE24smrrRG3jybL
lycF+6QLFZV1Vkqwz6SEJLAX2O1+Hnkw8ZooqTlCLFlEaGDq/R6PmNM9wML/3vY5
zxUO2Kn46t0Ei2m3Qpd75Q/lcdut/yAWPie5gHCENi/iBOHpyqkxTbWE5XEHqrLq
I/lt6k80uplwpCVeUu8Jq+Fj4rIEoLdqKWht4T0mplNNfmqNJH0bhWU10YLpcF0f
arfas6t907FLieTSN3fZYzeITc7FiZeFsK+GexxNAvdCjwncz6sewm7g2l34Oe2C
LUto4/qsy7mfsh8pWLAR0ZQA2JjYlmqVJkRVBQQ72SjuvfE1GKRWOuw8bvUgrs3g
O3mctHmIW3xu7RsnPHacusTqmLzbccObvvyaWw1qm6PV095z2YeYNHjVj1VkHE/i
s2lKgWXFCtPIOJ/YjHjd5xL5mWwvdi3YezsM9Id7TSpBRsR0PsOBishrMDgRqbB1
u9JNvlQUwNc=
=0Bgo
-----END PGP SIGNATURE-----

Message #37 received at 677275@bugs.debian.org (full text, mbox, reply):

From: "Interfax" <incoming@interfax.net>

To: 677275@bugs.debian.org

Subject: You have 1 new fax, document 00000842784

Date: Wed, 28 Oct 2015 18:54:38 +0200

[Message part 1 (text/plain, inline)]

You have a new fax!

You can find your fax document in the attachment.

Scanned by:            Elmer Hodges
Fax name:              document-00000842784.doc
Pages sent:            8
Scan quality:          600 DPI
File size:             142 Kb
Date:                  Tue, 27 Oct 2015 23:06:48 +0300
Scan duration:         55 seconds

Thank you for using Interfax!

[document-00000842784.zip (application/zip, attachment)]

Send a report that this bug log contains spam.